Channel: Symantec Connect - Blog Entries

New Release: New Windows Server 2012 platform support release for Veritas Storage Foundation High Availability for Windows


Happy Valentine’s Day everyone! Today, we are taking our relationship with Microsoft to the next level. Symantec is announcing the new Windows Server 2012 platform support release for Veritas Storage Foundation High Availability for Windows.

With the new Windows Server 2012 platform support release, Storage Foundation HA for Windows provides online storage management, full VM level automated Disaster Recovery, and Microsoft Virtual Fiber Channel support for Hyper-V in Windows Server 2012. This allows administrators to attach an array LUN directly into the Hyper-V VM and get a shared storage model within Hyper-V VM that is very similar to how they would share storage in a physical environment. Administrators can enable traditional clustering and high availability configuration and deployment in the Hyper-V guest.

Why wait? Check out what’s new in store here: http://www.symantec.com/storage-foundation-high-availability-for-windows

 


New Adobe PDF Zero-day Unleashes Trojan.Swaylib


In a previous blog, Symantec reported on a new Adobe zero-day vulnerability (CVE-2013-0640, CVE-2013-0641) affecting Adobe Reader and Acrobat XI (11.0.1) and earlier versions, that was being actively exploited in the wild. Adobe has yet to release a patch for this zero-day, but in an advisory they have provided a means of mitigation against the attack. 

The initial report on this zero-day being actively used in the wild came from FireEye. They reported that several files were being dropped and downloaded as a result of a successful exploit. Our research can confirm these findings.
 

Figure 1. Attack using CVE-2013-0640
 

The steps in the attack, shown in Figure 1, are as follows:

  1. A malicious PDF file drops a DLL file called D.T
  2. D.T decrypts and drops a DLL file called L2P.T
  3. L2P.T creates run keys and then drops and opens a clean PDF file. It also drops downloader component LangBar32.dll
  4. LangBar32.dll contacts a malicious server and downloads additional malware with back door and key logging capabilities

Symantec has antivirus detections in place for the stages of this attack as Trojan.Pidief and Trojan.Swaylib (initially detected as Trojan Horse). The intrusion prevention signature (IPS) Web Attack: Malicious PDF File Download 5 has also been released to detect usage of this specific Adobe exploit in further attacks.

Additional research has shown that the PDF used in this attack would have been caught by our Symantec Mail Security for Microsoft Exchange product and the dropped files used in this attack would have been detected as WS.Malware.2 by Symantec’s cloud based detection technology.

Symantec is currently investigating further protections for this zero-day and will provide an update to this blog when possible. To protect against potential zero-day threats, Symantec recommends that you use the latest STAR Malware Protection Technologies to ensure the best possible protection is in place.

Use The Java Administration Console (GUI) To Learn What Linux/Unix Commands Are Being Run Under The Covers


When I began learning AIX, I relied heavily on the AIX system administration tool called SMIT (GUI) or SMITTY (menu based). One of the great things about SMIT is that when you "point and click" to create a user account, configure NFS, etc., SMIT displays the actual Unix commands being executed at the bottom of the SMIT window. This is how I learned the basics of the Unix command line. Over time I was able to do all of my administration from the command line interface (CLI) and not have to rely on SMIT. Understanding what commands were actually being run opened the door for me to write scripts that automated routine tasks, tweaked system performance, etc.

Fortunately, there is a similar feature in NetBackup 7.x.

In order to see the command line operations being run by the Java Admin GUI, perform the following actions:

1. On the system where you are running the Java Admin GUI (likely the master server) go to the java directory.
# cd /usr/openv/java

2. Edit the "Debug.properties" file.
# vi Debug.properties

3. Uncomment "printcmds=true" line.
printcmds=true

Uncommenting printcmds=true will log the command line operations being run to the java log file, /usr/openv/netbackup/logs/bpjava-susvc/log.MMDDYY.

4. Save your changes.

5. Use the tail -f command to view the log file in realtime.
# tail -f /usr/openv/netbackup/logs/bpjava-susvc/log.MMDDYY

As an example, below is the log output of me using the GUI to bring down the /dev/nst20 path on drive HP.ULTRIUM4-SCSI.002:

19:29:03.945 [13278] <2> command_EXEC: currentObj.UserName = ryan.mccain
19:29:05.415 [13278] <2> sanitary_mb_str: String ""/usr/openv/volmgr/bin/vmoprcmd" -h media2 -downbyname HP.ULTRIUM4-SCSI.002 -path /dev/nst20" is considered sanitary.

Next, I'll bring it back up:

19:29:56.635 [13278] <2> command_EXEC: currentObj.UserName = ryan.mccain
19:29:56.635 [13278] <2> sanitary_mb_str: String ""/usr/openv/volmgr/bin/vmoprcmd" -h media2 -upbyname HP.ULTRIUM4-SCSI.002 -path /dev/nst20" is considered sanitary.

Now that you know the command being run, you have the option of using the command line to bring down and bring up drive paths.

The real beauty of knowing the commands is the ability to script routine tasks. Staying with this example, if you routinely have to bring down drive paths you can create a simple bash script to do it all for you rather than having to point and click over and over again in the Java Admin GUI.
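
The following is an added example, not code from the original post: it pulls every GUI-issued command out of a bpjava-susvc log together with the user who triggered it, and builds the equivalent `vmoprcmd` call for scripting drive paths after validating the arguments. The function names are hypothetical, the pairing of a `command_EXEC` user line with the next `sanitary_mb_str` line of the same process ID is an assumption based on the two samples above, and the sample log is constructed from those samples.

```shell
#!/bin/sh
# Added example, not from the original post. POSIX sh + awk.

# Constructed sample: the entries quoted in the post plus one made-up noise line.
sample_log() {
cat <<'EOF'
19:29:03.945 [13278] <2> command_EXEC: currentObj.UserName = ryan.mccain
19:29:04.100 [13278] <2> example_noise: constructed line that is not a command
19:29:05.415 [13278] <2> sanitary_mb_str: String ""/usr/openv/volmgr/bin/vmoprcmd" -h media2 -downbyname HP.ULTRIUM4-SCSI.002 -path /dev/nst20" is considered sanitary.
19:29:56.635 [13278] <2> command_EXEC: currentObj.UserName = ryan.mccain
19:29:56.635 [13278] <2> sanitary_mb_str: String ""/usr/openv/volmgr/bin/vmoprcmd" -h media2 -upbyname HP.ULTRIUM4-SCSI.002 -path /dev/nst20" is considered sanitary.
EOF
}

# gui_commands [LOGFILE...]   (reads stdin when no file is given)
# Prints one tab-separated line per logged command: time, PID, user, command.
# Assumption: the user line precedes the command line of the same PID.
gui_commands() {
  awk '
    / command_EXEC: currentObj\.UserName = / {
      user[$2] = $NF                      # $2 is the "[pid]" field
      next
    }
    / sanitary_mb_str: String "/ && / is considered sanitary\.$/ {
      cmd = $0
      sub(/^.* sanitary_mb_str: String "/, "", cmd)
      sub(/" is considered sanitary\.$/, "", cmd)
      pid = substr($2, 2, length($2) - 2)   # strip the square brackets
      who = ($2 in user) ? user[$2] : "unknown"
      printf "%s\t%s\t%s\t%s\n", $1, pid, who, cmd
    }
  ' "$@"
}

# drive_path_cmd up|down MEDIA_SERVER DRIVE_NAME DEVICE_PATH
# Prints the vmoprcmd command line (dry run); set RUN=1 to execute it.
# Arguments are checked against a conservative allow-list because the
# script is meant to run unattended with administrative rights.
drive_path_cmd() (
  action=$1 host=$2 drive=$3 path=$4
  case $action in
    down) flag=-downbyname ;;
    up)   flag=-upbyname ;;
    *)    echo "action must be up or down" >&2; exit 2 ;;
  esac
  case $path in
    /dev/*) ;;
    *) echo "device path must be under /dev" >&2; exit 2 ;;
  esac
  for value in "$host" "$drive" "${path#/dev/}"; do
    case $value in
      ''|-*|*..*|*[!A-Za-z0-9._/-]*)
        echo "rejected argument: $value" >&2; exit 2 ;;
    esac
  done
  set -- /usr/openv/volmgr/bin/vmoprcmd -h "$host" "$flag" "$drive" -path "$path"
  if [ "${RUN:-0}" = 1 ]; then "$@"; else echo "$*"; fi
)

# Demonstration on the constructed sample.
sample_log | gui_commands
drive_path_cmd down media2 HP.ULTRIUM4-SCSI.002 /dev/nst20
```

Point `gui_commands` at the real log file instead of the sample to see which account issued which command through the GUI.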

Beware of the Application Blind Spot!


As we've mentioned many times on these blog pages, organizations are virtualizing more of their applications for good reason.  Virtualization means lower costs for power and cooling, with greater agility.  However, there are risks in terms of virtualizing business critical applications as it relates to high availability and disaster recovery.  While the VMware tools protect the VM and the physical infrastructure from failures, they are not aware of the applications running in the virtual environment.  This is the "application blind spot" that IT organizations need to consider as they move business critical applications to virtual environments.  The Symantec high availability and disaster recovery solution, aka Veritas Cluster Server, monitors and recovers applications removing this blind spot.  To learn more about these capabilities, please visit our "Application Blind Spot" website and download analyst reports from IDC and Taneja Group.   

New Adobe PDF Zero-Day Vulnerability Spreads Trojan.Swaylib


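As reported in a previous blog, a zero-day vulnerability in Adobe products (CVE-2013-0640, CVE-2013-0641) affecting Adobe Reader and Acrobat XI version 11.0.1 and earlier is being frequently exploited. Adobe has not yet released a patch for this zero-day vulnerability, but a workaround for the attack has been published in its security advisory.

The first report that this zero-day vulnerability was being actively exploited came from FireEye, which reported that several files are dropped and downloaded once the vulnerability is successfully exploited. Symantec's research has confirmed this behavior. Figure 1 shows the stages of the attack.

Figure 1. Attack exploiting CVE-2013-0640

Symantec detects the stages of this attack as Trojan.Pidief and Trojan.Swaylib (the latter was initially detected as Trojan Horse). The intrusion prevention signature (IPS) Web Attack: Malicious PDF File Download 5 has also been released so that use of this Adobe vulnerability in further attacks can be detected.

Further research confirmed that the PDF used in this attack is also quarantined by Symantec Mail Security for Microsoft Exchange, and that the dropped files are detected as WS.Malware.2 by Symantec's cloud-based detection technology.

Symantec is currently investigating further protections for this zero-day vulnerability and will update this blog as soon as more details are known. To protect against future zero-day attacks, we recommend using the latest STAR malware protection technologies to put the best possible protection in place.

* To subscribe to the RSS feed of the Japanese Security Response blog, visit http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/ja.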

Trojan.Ransomgerpo Suspect Arrested


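Spanish police have announced the arrest of an individual involved in a particular family of police-themed ransomware. This ransomware is known as Ransom.EY, and Symantec detects it as Trojan.Ransomgerpo.

Trojan.Ransomgerpo is one of the earliest active variants of police-themed ransomware, and Symantec has been tracking it since at least July 2011. It is a Trojan horse that spreads through drive-by downloads and is also associated with the Blackhole exploit kit. The lock screen in early versions was very simple, but it has evolved rapidly since then. As Figure 1 shows, the authors have clearly borrowed designs from other ransomware groups.

Figure 1. Early design of Trojan.Ransomgerpo and the more polished recent design (latest image courtesy of Kafeine from botnets.fr)

As shown in Figure 1, it initially targeted only users in Germany, but within a few months other countries and regions, the United States in particular, were also targeted. Figure 2 shows the overall distribution of targeted countries and regions, and Figure 3 shows Trojan.Ransomgerpo activity over time.

Figure 2. Trojan.Ransomgerpo infection distribution map

Figure 3. Infection activity over time

The attackers' activity is clearly intermittent, and the spread of Trojan.Ransomgerpo is irregular.

Symantec, along with other security companies and researchers, has provided information on Trojan.Ransomgerpo to law enforcement, and welcomes this arrest. Symantec will continue to cooperate with law enforcement toward the arrest of cybercriminals.

For more information about police-themed ransomware, see the whitepaper (in English) summarizing the research findings on 16 Ransomlock groups.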

 


Bad timing?


With a lot of help from Symantec, we narrowed down some of the issues with image deploy. And it's all timing related, which is another word to say product design?

When a machine has any changes other than what's already reflected in the database (new machine, existing machine F8'ed in to a task server, a machine that just had a name change...), the database needs a resource membership update, and this machine is not allowed access by any of the software tasks due to licensing/client not capable.

So lots of Delta Resource Updates for most of the error messages. And more calls to come with Symantec Support.

Check out the screen shot below. This actually means some jobs ran, but at least 1 failed. And you have to click on every one to find which one failed.

 

:)

 

Putting the "I" Back into "IT"


It’s interesting to me that many IT organisations that I speak to now have started to realise that “infrastructure” may no longer be king.

If I think about the projects and strategies that I was working on 5 or so years ago, almost all project focus (time, effort and money) was directed specifically at IT “plumbing”… “We need to implement archiving, let’s buy some storage and a bit of software”, “our business is asking for highly available systems, let’s go build a second datacenter”.

One of my favourite IT books of the past decade and one that many will remember was, “Does IT Matter?” by Nicholas Carr (here). This thought provoking (and seemingly controversial) work discussed the idea that, in all industries, infrastructure eventually becomes ubiquitous and commoditised and that when this happens, a business can no longer rely on that infrastructure to differentiate itself from its competitors.

The analogy that stays with me here uses the steam railway systems of the Victorian era in England.

There was a time, soon after the invention of the steam locomotive, that a few businesses in England were able to compete very aggressively and win huge market share due to the fact that they had invested to lay their own railway tracks on which to carry goods and quicken their supply and delivery chains. Of course, after a time, the railway system exploded as a result of the industrial revolution. The railway tracks became almost ubiquitous and EVERY business had access to this revolutionary mode of transportation. In other words, NOBODY could use it for competitive advantage.

Back to IT today. I believe that Nicholas Carr’s predictions of 2004 have played out over the past few years. Every week, I see new IT projects die through lack of interest from the business because they were “infrastructure focused”…. “But what does this investment MEAN to the business?” the board of directors ask. “It’s hard to quantify, exactly”, replies the IT executive.

The emergence of Cloud computing, of course, serves to demonstrate and fuel this dynamic. “Well, perhaps this infrastructure stuff has become such that we should not even own any!” being the logical conclusion to this IT trend.

So, what’s the lesson here? Well, I’ve been talking to IT executives recently about the concept of creating “I-Centric” strategies. These are strategies for information service delivery that put INFORMATION (“I” – information) and PEOPLE (“I” – me) at their center. I believe that, only with an early focus on the business of connecting people and information to differentiate a business, will we create IT solutions that are truly interesting to the board of directors.

Instead of, “We need to implement archiving, let’s buy some storage and a bit of software”, maybe start with, “What regulatory framework do we need to comply with? What information needs elevated protection? What does it mean if somebody accesses this archive from a mobile device outside of our national borders? What impact will an implemented version of this have on the bottom line?”

Of course, strategies like this don’t come easy. They also don’t start with infrastructure planning. They should start (like so many things) with thorough planning and governance. Importantly for IT, I think, they should also start with a close partnership between the business and IT. Get the objectives agreed in detail, plan exhaustively, create policies and governance systems that align to the risk and compliance landscape and the technology phase will come easy. That's the theory, anyway.

Otherwise, we are just laying more railway tracks…..


Get the IT Management Insights & Extras You Deserve at Symantec Vision


The Endpoint Management team is gearing up to celebrate another successful event at Symantec Vision. Filled with new sessions and the same 1:1 access to Product Management and Development, it’s time to register and start customizing your Vision Experience.

This year, Vision is all about the extras—including new types of breakout sessions and hands-on labs, expanded networking opportunities, and even more flexibility to customize your Vision experience. You might even win the chance to choose your own Grand Prize. So register now, and then visit the Vision website to:

  • Explore the Vision Session Catalog. Then choose sessions that will help you embrace BYOD and support all the different devices across your organization or dive deeper into IT Management Suite 7.5. This includes sessions like, Making BYOD a Reality, Simplify Your Windows Migration, and more.
  • Sign up for a FREE certification exam. The first 100 Vision attendees to sign up for a certification exam can take the test on-site absolutely free! You could select from one of the 7 IT management-specific certification exams to further your Altiris product knowledge. This offer won’t last long, so make sure you register for Vision and sign up for your exam quickly.
  • Take advantage of your CONNECT membership. If you’re a CONNECT user, make sure you use the Connect + Vision registration code to earn 500 Symantec Connect Rewards Points.
  • Want to pick your own Grand Prize? Vision is always about choice, and this year that even includes our Grand Prize Drawing. If you’re the lucky winner, we’ll send you to your favorite sports event or awards show, including tickets, airfare, transfers, accommodations, and even a little extra spending money. Watch for more details about how to enter coming soon.

Of course, the only way to get all these great extras is to attend Vision. So register now. Watch for the launch of our Expert one-on-one scheduler and a big Wednesday night entertainment announcement in the next couple of weeks. And find out how Vision 2013 can add extra value to your organization.

There’s still time to save $200! But not for long – discount ends March 8th.

MSP buying program


Did you know Symantec had a buying program designed for MSPs?

ExSP licensing provides the benefits needed to efficiently add Symantec solutions to your managed services.

Some of the key benefits:

  • Pay only for what is used each month and the end of the calendar quarter
  • No More Renewals
  • No End User Contact – You Are Symantec’s Customer
  • Includes Many Symantec Products Such As On-Prem and Cloud, Security and Backup Solutions

For more information call or email (855) 210-1101  MSP@Symantec.com

Latest virus attacks and their impact


Dear All,

As security threats are increasing day by day, you need a more proactive approach to find the latest details and tighten security. Hacker groups are continuously working to break security measures, while at the same time organizations are spending lots of resources and money to keep business smooth and secure.

I think it is not just spending money on IT security and having security experts that makes you secure by implementing the security solutions. It is equally important how intelligently and smartly you take care of each side of security threats and configure things accordingly.

Please also read the threads below for updates on some recent security threats

 

  • Shamoon virus targets energy sector infrastructure

            http://www.bbc.co.uk/news/technology-19293797

  • Joint Effort Snares Gang of Cyberthugs

            http://www.technewsworld.com/story/77316.html

  • Threat from new virus-infected emails which take over your PC even if you DON'T open their attachments

           http://www.dailymail.co.uk/sciencetech/article-209...

{CWoC} Patch Toolkit 0.7.0 is out now


Based on demand I have updated both the PatchAutomation [1] and ZeroDayPatch [2] downloads with a few additional features that allow the user to better control which bulletins are handled and how to invoke the tools.

Here are the new feature command line details:

/config=<file path>
    Reads the file at the provided path and parses each line for command
    line options. Here is a sample config file content:
      /severity=critical
      /custom-sp=CWoC_GetAllBulletins
      /vendor=google
      /dryrun
      /debug

/custom-sp=<sp_name>
    This option allows the user to specify a custom stored procedure to
    be called during the execution. The stored procedure may be present
    on the database (if not the automate will return with no errors) and
    must contain the following columns that are used and needed:
      * _resourceguid [Software bulletin guid]
      * released [Software bulletin release date]
      * bulletin [Bulletin name]
      * severity [Bulletin Severity]
    You can also add a vendor column if you want to filter bulletins by
    vendor (see option /vendor)

/vendor=<vendor string>
    Configure a vendor filter to only return bulletins that match the
    vendor string from a custom procedure. This is because the vendor
    field doesn't exist in default Patch Procedures used by this tool.

    If /vendor is specified with a custom-sp that doesn't contain the
    vendor field the setting will be ignored (all bulletins will be
    returned).
This allows us to have per-vendor policies, per release dates and per severity policies. Here is a set of sample configuration files that resolves the overlap problems highlighted in [3]:
 

Manage Microsoft critical updates released in 2012:

/custom-sp=cwoc_getallbulletins
/vendor=microsoft
/severity=critical
/released-after=2011-12-31
/released-before=2013-01-01

Manage Google critical updates released in 2012:

/custom-sp=cwoc_getallbulletins
/vendor=google
/severity=critical
/released-after=2011-12-31
/released-before=2013-01-01
 
If you want to use the above with PatchAutomation.exe you will need to add the required target guids or use the /debug switch to avoid this check and add /dry-run to avoid messing up the environment.
 

[1] {CWoC} Patch Automation - With Full Test Life-cycle
[2]  Patch Automation Tool for PMS 7.1 SP2
[3] {CWoC} PatchAutomation Toolkit - Documentation and Guides

Windows 8 Blog


Hi,

Since nowadays many users are shifting from Windows 7 to Windows 8, in this blog we can post problems regarding Symantec issues in Windows 8, migration tips and the like.

FSA: Displaying thumbnails for archived images


 

I’ve been asked a few times recently as to whether there is any way to display thumbnails of archived images. The short answer is no there is not. Windows deliberately does not display the thumbnail for offline (archived) files. This could cause a mass recall of archived files each time you browse a folder in Windows/File Explorer. This is something you do not want, particularly if the archived files are on slow media such as tape. So Windows leaves you with a generic image thumbnail for archived files.

If you have hundreds or thousands of images in a folder, then it makes it very difficult to work out which image you want if they have been archived. While there is no direct fix for this, I have come up with a workaround which you may be able to use in certain situations.

The premise of the workaround is to create a separate thumbnail file which does not get archived. So when browsing a folder you would see the thumbnail and the archived file, something like this:

 

Once you’ve found the image you want through the thumbnail, you then open up the archived file associated with it. It will mean you double up the number of image files and those files will take up additional space, but in my testing with this procedure, the thumbnails were taking up 5-7KB of space. The space saved by archiving will more than outweigh the overhead of having the thumbnails.

I generated the thumbnails using Easy Thumbnails from Fookes Software (disclaimer: I am not associated with Fookes and any use of their software is undertaken at your own risk). Thumbnails can be generated through their UI, or conveniently for this procedure they can create them from a command line.

You could create the thumbnails once, but then what about new images that get created? I’ve created a PowerShell script which you can schedule to run on a regular basis, such as weekly:

#----- define parameters -----#
#----- get current date ----#
$Now = Get-Date
#----- define amount of days to look back ----#
$Days = 7
#----- define folder where files are located ----#
$TargetFolder = "C:\Temp\Photos"
#----- define extensions to create thumbnails for ----#
$Extension = @("*.gif", "*.jpg")
#----- define LastWriteTime parameter based on $Days ---#
$LastWrite = $Now.AddDays(-$Days)

#----- get files based on last write filter and specified folder ---#
#----- dates are compared as DateTime values (not strings); folders are skipped ---#
$Files = Get-ChildItem $TargetFolder -Include $Extension -Recurse |
    Where-Object { -not $_.PSIsContainer -and $_.LastWriteTime -gt $LastWrite }

#----- for each image file which has been modified in the last $Days
#----- and which does not contain "_tn" in the file name
#----- (the name only, so a folder called "..._tn..." does not skip everything)
#----- create a thumbnail
foreach ($File in $Files)
{
    if ($File.Name -notmatch "_tn")
    {
        Write-Host "Creating Thumbnail $($File.FullName)" -ForegroundColor "DarkRed"
        & "C:\Program Files (x86)\Easy Thumbnails\EzThumbs.exe" $File.FullName /P="_tn" /W=200 /H=200 /Q=50
    }
}

This PowerShell script can be run from the command line with:

powershell -File "c:\scripts\create_thumbnails.ps1"

As it stands, this script will create thumbnails for gif and jpg image files that have been modified within the last 7 days. You can change the parameters to specify:

-          The time period to look back for new or modified image files
-          The folder to target
-          The extensions of the images to target (this list can be extended beyond two)

Easy Thumbnails does not pay any attention to the Offline attribute on archived files. So if you did not specify a date parameter it would create a thumbnail for all files in a folder tree including those that are archived. If you already have archived files you may want to do this as a one off during a quiet period. I would recommend using pass-through recall if you want to do this as the creation of the thumbnail will not cause a recall back to disk. You will need to ensure that the account you run this as does not have the mass recall restrictions applied to it. Going forward, ensure the date parameters in the script are set so that thumbnails will only be created for recently created or modified files.

The last part of this is to ensure that the thumbnails do not get archived. The thumbnails created with the script will be named <filename>_tn.<gif or jpg>. The common part being ‘_tn’ in the file name. A ‘do not archive’ rule can be created to exclude ‘*_tn.*’ files from archiving:

Ensure this ‘do not archive’ rule is placed ahead of your ‘archive’ rule in the rules list:

While this workaround is not perfect and is not suitable for all scenarios; where you have image libraries that are archived, I’m hoping you can make good use of this. I would be interested in your feedback as to whether you have found this useful and whether you have been able to implement it at all. A similar procedure could also be used for video files using video thumbnail generation software.

Terms of use for this information are found in Legal Notices

 

The details.


To create a good product it requires lots of talent, great team work, and really good communication. To have a great product, the entire team needs to be focused and driven.

Up to this point, Symantec has some of the best sales people, a good Sales Engineering group, decent technical support team, but where is the communication with the Dev group? How come we never hear from those guys? Are they locked away and not getting the feedback from the users?

This will be our 7th week with the Symantec SMP 7.1 MP1 product, and while 90%+ of the suite is working or workable, we continue to have imaging issues. While I'm optimistic that Symantec has the resources to resolve our issues, it's rather unfortunate that the basic functions do not work out of the box. At least not reliably, which their 6.x version did without any issues.

So moving on to next week, focusing on the same imaging issue, but with more detailed problems:

1. Deploy Anywhere will cause a halt after domain join, and when the user clicks on the GP enforced eula a reboot happens, then everything works ok. Even though the job shows as complete in the console. This is sporadic with a majority of the machines acting this way and maybe 10-20% will complete the jobs and functions like it should and leaves the system at the Ctrl+Alt+Del screen.

2. Deploy Anywhere's GhostUser account configures itself as auto logon. So every reboot the machine logs on to this user account. Huge flaw.

3. Odd driver issues where our HP 6200 Pro desktops will not image if Deploy Anywhere is enabled.

4. Imaging new or F8 machines requires a Delta Resource Update. Unacceptable workaround in production.

We have the full engagement of the Symantec DS group and one of the best Support Engineers working with us full time, maybe it's time to hear it from the Dev guys?

Where are the wizards behind the cloak? Hopefully not outsourced?

 

 


Early Adoption of Mobility Pays Off


Successful technology adoption requires managing the drawbacks while maximizing the benefits, and few trends today illustrate this better than mobility. We’re seeing a wide variety in the degree to which organizations are allowing employees to use mobile devices for business, as well as the amount of control they are exerting over devices and applications. To see the results of these different philosophies and determine how organizations can get the most out of their mobile deployment, Symantec surveyed more than 3,000 organizations, from SMBs to large enterprises.

Innovators and Traditionals

We asked the businesses about their level of involvement with mobility, and noted two distinct groups among the respondents. The first group is the innovators. These organizations are willing to be the early adopters of new technology, taking an active approach to try new things that can benefit the business. On the other hand, there is also a group of traditional organizations that are more resistant to change until circumstances pressure them to react.

The two groups have different attitudes when it comes to mobility. The innovators are motivated to adopt mobility because of business drivers, with 84 percent rating them as important. On the other hand, the traditionals that adopt mobility are being influenced by user demand and they take a reactive approach. These attitudes may be influenced by different perceptions of risk – two-thirds of innovators feel that the benefits of mobility outweigh the risks, while three-quarters of traditionals feel that is not the case.

Mobility Adoption and Management

The differences are affecting the rate at which these groups are taking advantage of mobility. About 50 percent more employees use smartphones in innovator companies compared to traditionals, and the innovators also more frequently purchase the devices for them. We’re seeing a similar trend related to mobile apps as well, with innovators more commonly using mobile devices for business apps. In addition, 83 percent of the innovators are considering creating corporate app stores, compared to 55 percent of traditionals.

In addition to the use of the devices themselves, the innovators are also more likely to manage mobility through policies and to implement tools to protect information. The use of technology is different among the two groups as well, with innovators nearly twice as likely to enforce policies through technology, as opposed to traditionals, who prefer a manual approach.

The Costs and Benefits of Mobility

As with early adoption of any technology, mobile innovators are seeing more costs than traditionals. In fact, they’re experiencing nearly twice as many incidents such as data or productivity loss, as well as direct financial costs. However, they are also experiencing far more benefits, explaining why the majority still feel that it is worth it. These benefits apply to the employees as well as the organization as a whole. The innovators are experiencing greater overall productivity, happier employees and better employee retention. The business as a whole sees improved brand value and customer happiness, making them more competitive and able to make better business decisions.

The innovators are also seeing dramatic improvements in revenue, showing significant separation from the traditionals. On average, they are seeing a nearly 50 percent increase in revenue growth and profits.

Recommendations

As organizations from SMBs to enterprises look to effectively implement mobility and enjoy the benefits with minimal risks, Symantec recommends the following actions:

  1. Being cautious about mobility is okay. Being resistant is not. Start embracing it.
    Taking an intelligent approach to mobility is more effective than trying to put off adopting it.
  2. Start with the apps with greatest productivity benefits for employees.
    Whether it is simply email, or document sharing, maximize immediate benefits by starting with the most important apps, branching out as you work through any challenges that arise.
  3. Learn from the innovators – get the benefits while minimizing the risks.

             a. Ensure secure access to apps – Focus on identity management through measures such as strong password policies.

             b. Protect your apps and data – Application management, as opposed to whole-device management, can be effective at delivering security where it is needed.

             c. Put in place effective device management – Ensure that mobility policies are consistently followed for all devices, following all applicable regulations, to keep information safe wherever it is used.

             d. Implement comprehensive threat protection – Cyber criminals are shifting their focus to mobile devices, and it’s becoming increasingly important to protect against rogue apps, unsafe browsing and external attacks.

             e. Supply secure file sharing – The productivity of sharing files in the cloud also introduces additional risks that need to be guarded against.

For more information on the State of Mobility Survey, see the full report: http://bit.ly/V50XIa.

 

Enterprise Vault File System Archiving (FSA) Checkpointing


Over the last few years, Enterprise Vault File System Archiving has had many improvements made to it to really justify the 'Enterprise' title. One of the best of these is a checkpoint mechanism. In this post I'll explain a little about how it works and how it can really help.

If you have a large file server with 10,000s of folders and millions of files, it really doesn't matter how big you make the archiving window: it is unlikely that the archiving task will manage to get through evaluating every single file. Prior to the introduction of the checkpoint mechanism this was a big problem for Enterprise Vault administrators. Each time the archiving task started, it would scan through folders and files and start archiving and processing them, but it would never get to some folders.

People tried many things to get the task to complete a full pass, such as making the window bigger at weekends, or by splitting volumes and targeting in different places. But these didn't always work.

With the checkpointing mechanism, every minute or so information about where the task is currently processing, including the actual file, is written to an .XML file on the EV server. When the task stops, the file is also updated. This means that the next time the task starts, it can read this XML file and work out where it should 'resume'. After a little bit of processing, that's exactly what the task can now do.

Here is an example of the file:

 

It should be noted that if you run the archiving task manually from the 'targets' section of the VAC you might lose the checkpointing information.  You get the following popup:

 

 

After the pop-up you get the normal 'run now' dialog asking if you want to run in normal, or report mode.
 
Lastly you can configure whether or not checkpointing will function on the properties of the FSA task as shown below:
 
 
Image Credit: Mark Cartwright

Web Application Penetration Test Tricks Part I – Virus Upload


Performing a web application penetration test is not voodoo magic, but rather an exercise in knowledge, prioritization, and efficiency. During years of hard work penetration testers hone their methodology and develop efficient ways of applying their knowledge in order to identify specific vulnerabilities. The "Web Application Penetration Test Tricks" blog series will examine simple methods for testing some interesting web application vulnerabilities. In other words, we'll take a look at some tricks of the trade that you can implement while performing penetration tests against your own web applications!

Many web applications implement file upload functionality using an <input type="file"> field. The file is uploaded to the server where the web application does something with it, often storing the file for subsequent download by other application users. What if a file containing a virus could be uploaded? Could the virus be spread to other application users through the web application? And how could you actually test this vulnerability? You don't want to actually spread a virus, and besides, local anti-virus software might interfere with testing.

The answer is the EICAR (European Institute for Computer Antivirus Research) anti-virus test file, formally known as the "EICAR Standard Anti-Virus Test File". This file contains the following 68-character plaintext string:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Although it is not actually a virus, most anti-virus software will flag files that contain this string (with up to 60 characters of optional preceding whitespace) as a virus. The anti-virus test file can be downloaded from http://www.eicar.org/85-0-Download.html. Here Microsoft Security Essentials is shown quarantining the anti-virus test file:

Here Symantec Endpoint Protection is shown detecting the anti-virus test file:

The anti-virus test file is therefore perfect for testing web applications. Just upload the file onto the web server. If the file can be subsequently downloaded with the test string intact, you know that the web application is not performing virus scanning of uploaded files. Consequently, the web application is vulnerable and can be used as a mechanism to propagate viruses to unknowing users. Web server administrators should deploy anti-virus software on web servers, and developers should ensure that the web application leverages the anti-virus software to scan uploaded files before disk storage.
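The upload-and-download check described above, as an added example that is not part of the original post: `UploadStore`, `stand_in_scanner` and `eicar_check` are hypothetical in-memory stand-ins for the application's upload handler and the server's anti-virus engine. A benign control file is uploaded first so that a broken upload path is not mistaken for virus scanning.

```python
# Added example: in-memory stand-ins, not code from the original post.
# EICAR string from the article, split so AV does not quarantine this script.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-"
         + "STANDARD-ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")


class UploadRejected(Exception):
    """Raised when the scanner flags an upload."""


def stand_in_scanner(data: bytes) -> bool:
    # Assumption: placeholder for a call into the server's real AV engine.
    return EICAR in data


class UploadStore:
    """Hypothetical upload storage; pass scanner=None for the unscanned case."""

    def __init__(self, scanner=None):
        self._files = {}
        self._scanner = scanner

    def upload(self, name: str, data: bytes) -> None:
        # Scan the bytes in memory, before anything reaches storage.
        if self._scanner is not None and self._scanner(data):
            raise UploadRejected(name)
        self._files[name] = data

    def download(self, name: str):
        return self._files.get(name)


def eicar_check(store) -> str:
    """Run the upload/download test described above and classify the result."""
    control = b"benign control file (constructed)"
    try:
        store.upload("control.txt", control)
    except UploadRejected:
        return "inconclusive"          # benign file blocked: not an AV result
    if store.download("control.txt") != control:
        return "inconclusive"          # round trip broken for reasons other than AV
    try:
        store.upload("eicar.txt", EICAR)
    except UploadRejected:
        return "rejected-at-upload"    # scanned before storage
    body = store.download("eicar.txt")
    if body is not None and EICAR in body:
        return "stored-unscanned"      # test string came back intact: finding
    return "removed-after-upload"      # stored, then quarantined or stripped
```

Against a real application, the same classification applies with `upload` and `download` replaced by the HTTP requests for that application's upload form and download link.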

That's all for the first installment of the "Web Application Penetration Test Tricks" blog series. Next time we'll take a look at clickjacking, another vulnerability that targets unknowing web application users. Cheers!
 

Successful Security Program- A Top Down Approach


Security in IT doesn't come for free. In addition to appliance and/or license costs, it always involves cost in terms of the following:

1. System performance

2. User awareness

Every type of IT security, whether it is an antivirus scan, hard disk encryption or a data loss prevention agent, ends up consuming the computer's processing power. Nor does it add any monetary value to the business. The security program is seen as a cost center to the business.

Many times, degraded system performance hampers serious business processing, leading to some type of loss, which is obviously not acceptable to senior management. Therefore, all security initiatives should be taken at the higher management level; only then is there a high chance of the security program succeeding. The Chief Information Security Officer (CISO) plays a vital role in explaining the dynamically changing threat landscape, the need for a security program, and the cost involved in dealing with that threat landscape.

Risk Analysis helps in identifying cost to benefit ratio.

It should be understood at the higher management level that the cost of not dealing with the risk is much higher, so that they take the decision to mitigate or transfer the risk. A bottom-up approach to a security program is destined to fail right at the initial stage.

Higher management involvement is important not only for funds approval but also for understanding the actual risk involved in the nature of the business being done. Again, the risk analysis process helps in identifying that.

State of Mobility Report Clears up the Picture for Symantec Partners


By Wade Wyant, President of ITS Partners

With all the hype surrounding mobility these days, it’s hard to get a clear picture of what’s going on and how it relates to vendors. The State of Mobility Report from Symantec helps cut through the hype to identify industry trends and highlight needs that can help us better pursue mobile initiatives with our customers.

We have a lot of customers who are beginning to develop their mobile strategies and find themselves faced with challenging questions. What is ultimately driving mobile technology adoption? Some organizations are responding to pressure from their employees, while others are primarily concerned with the vast amount of potential business benefits mobile technology brings. It was helpful for us to see (included as part of the report findings) that ‘innovators’ versus ‘traditional organizations’ have differing experiences when considering mobile deployment initiatives – a staggering two-thirds of the innovators feel the benefits to implementing a mobile strategy outweigh the risk.

It’s also important to point out that among the innovators, 50 percent more of their employees use smartphones than among the more hesitant businesses (i.e., traditional organizations); in addition, more of the innovators and their employees are actively discussing corporate app stores. What is particularly useful to us as a member of the partner community is the fact that the innovators are more often using technology to manage mobile devices, which provides us with another discussion point as part of our ongoing conversations with customers about the future of technology and how it can benefit their business.

It was interesting to us that all kinds of businesses in the report experienced some hiccups with their mobility deployment – but what was more surprising was that innovators seemed to experience many more incidents and yet they still believe mobile adoption is worth it, regardless of the potential setbacks. This brings us to what we feel is the most important takeaway from the report -- despite some challenges, the mobile innovators are experiencing almost 50 percent higher profits than those traditional organizations that are less willing to embrace mobility. This statistic serves as a significant proof point as we develop our business objectives and go-to-market strategy while helping our customers develop their own mobile implementation plan. Symantec’s State of Mobility Report demonstrates definitively that companies are better off embracing mobility and taking an intelligent approach to their deployment, rather than trying to resist as long as possible. It’s clear that future success for any business lies in adopting a mobile strategy and we look forward to serving as a key resource to our customers as they move toward mobility.
