Patch Tuesday … (December, 2008) Updated

This is the first in what is going to start being a monthly recap of Microsoft’s Patch Tuesday.  It will be a quick summary of how many patches were released as far as our Windows Server Update Services (WSUS) server is concerned.  The way that we currently are configured, we push the updates out to the IT Department and two servers on the first day that a patch is released, to test the updates and make sure that everything works.  After one week, if there are no problems, we will release the updates to the rest of the factory.  This process will get modified if there are any high priority updates.  This would include any update for a vulnerability that is actively being exploited.

The computers in the test group are:
2 Windows XP installations
1 Vista installation starting in January 2008
1 Office 2003 installation
1 Office 2007 installation
2 Windows 2003 servers (1 Domain Controller, 1 Application Server)

This month there were 16 updates covering Windows XP, Office 2003 and Office 2007.  There were no updates 6 for our Windows 2003 servers.  We did not have any Vista machines before this round of updates.  I am just setting the first Vista machine up for the company today for testing.  After two days everything seems to be running pretty good.

I did have a problem with my personal notebook which is running Vista.  After installing this month’s updates and rebooting, my CPU was running at about 95% utilization.  It would swing up to 95% for about 10 seconds and then drop to 5% for 5 seconds and then repeat.  I let it run for almost an hour to see if it would settle down.  I tried rebooting a couple of times but had the same results.  I went back to the restore point from before the updates were installed and that fixed the problem.  For some reason I decided to try installing the updates again today and everything went fine.  I am not getting the big spikes in utilization.  I didn’t think much of it until lunch today.  I was talking to the other half of the IT Department and he had a similar problem with the updates this month.  After installing them and rebooting, he had no networking.  He restored to the restore point from before the updates and then reapplied them and everything worked fine on the second try.

Update: It does not look like I will have a Vista machine to test after all next month.  The Time and Attendance software that we are using does not run on Vista.  I guess we may have to upgrade to the new version before we start looking at rolling Vista out.

Update: Not sure why, but two days after approving the updates from the WSUS server the Windows 2003 servers FINALLY decided that they did have some updates.  The servers are usually the first machines on the network to show that there are updates available.  That said, there were 6 updates for the servers.

Virus, Virus everywhere, but nothing seems to stop them …

It seems as if there is a zero day exploit floating around out in the wild that is still unknown.  In the last 6 years we have had less than 5 computers get infected at work.  In the last three weeks we have had a steady stream of calls about computers acting weird.  Almost all of them have had trojans installed and two of them have been rooted.  All of the computers affected have been fully up to date with both patches and AV definitions.  At work we are using avast! for our antivirus software, and had not had a problem until the last few weeks.  Like most IT shops we will look at personal computers when things are not too busy.  We’ve had lots of home computers coming in infected also.  Most of them have also been fully up to date.  Only one of them was really asking for a problem.  Some of the antivirus software packages that have been on these computers are AVG, McAfee and Trend Micro.

I’m not really sure what all this means, but it is getting old.

Security Project Update …

No dice. I am still getting the random reboots after reinstalling Windows, PGP Whole Drive Encryption and the Maxtor OneTouch software. I uninstalled the Maxtor software and everything seemed to start running pretty good. The one thing that I did find is that VMware Workstation runs VERY slowly on this setup. I guess that should not be surprising, seeing as the drive that contains the virtual machine is located on an encrypted drive. This could also have something to do with how I create virtual machines. When setting them up, I always create the virtual disk as one file instead of breaking them up into smaller parts. Other than that I am not seeing much of a performance hit.

Well I am going to keep going on this project and will keep everyone informed.

Security Project Update …

This is one project that is getting off to a rocky start. I installed PGP Whole Disk Encryption and the Maxtor OneTouch software and started having problems with blue screens almost instantly. If the Maxtor drive is not connected to the notebook everything seems to be running pretty good, but as soon as the Maxtor backup software starts to do its thing the notebook slows down and then will blue screen after a few minutes. I am getting two to three reboots per day. This weekend I am going to reformat the notebook and reinstall Windows and the two software packages that I am trying to test.

We’ll see how this goes.

Security Project …

Well it has been a while since my last posting.

I have started looking at something that has been a problem at work for some time. We have fourteen users that carry notebooks. There have been way too many stories about people losing notebooks with information that shouldn’t be out of the building. We do not have any sensitive data walking around on these notebooks, but if one of them were lost they do have VPN connections back to the building. The VPN connections are based on certificates, so the users do not need passwords to connect. That means that all someone needs to get into our building is to get around the user’s login password. What I am looking to do is encrypt the hard drives of the notebooks, but that opens up another problem if Windows goes south. How do you get at the data? Before anyone yells backups, think about the fact that most of these users are not in the building where we can make sure that the backups are being done. This means that we have to make sure that the backup process is easy enough that it will be done. The process that we are looking at is to encrypt the drives with PGP Whole Disk Encryption and then use the Maxtor OneTouch solution for doing backups. I have installed both software packages on my notebook and will be testing them over the next several weeks to see how it works.

I’ll keep everyone posted on how this goes.