Tuesday, November 05, 2013

Sophos UTM (with 10 licenses for Endpoint Protection) Free For Home Use

Sophos previously didn't have a full featured home-use antivirus.
They had one that you could run manually if you think you have an infection, and they had a home-use clause for their business customers that let them give it to employees for use at home for free, managed by the IT folks in the office, but there wasn't a way to buy it for home unless you wanted to buy the minimum size of 5 licenses for small business use.

Recently they made their UTM product (the firewall formerly known as Astaro Linux) available for free to home users and it comes with 10 licenses for home use for the full featured Endpoint Protection client.

The central configuration console on the UTM is not as slick as the Enterprise console, and it doesn't allow you to control Sophos' hard drive encryption software, but it does let you set up the Antivirus, Web Filtering, Firewall, and Intrusion Protection features. It doesn't need a Windows domain, so you can use it on Windows Home editions. The one thing that makes it really only for techie home users is that the UTM has to be installed on dedicated hardware or in a Virtual Machine.

If you already know how to set up a VM, then you are ready to go: just download the pre-built VM or the software ISO and give it a try. http://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edition.aspx

So with this you get a full featured Endpoint Protection program and a network based firewall system with more different VPN options than I have ever seen in one product. This is great for people running home labs for networking courses or Infosec research.

Having played around with it a bit at home I would rank its UTM firewall capabilities fairly low in terms of flexibility compared to the FortiGate UTMs I'm familiar with, but you can't beat free for home networks.


Thursday, September 19, 2013

Is It a VM?

Having a hard time keeping track of which machines on your network are virtual?

I have just the script for you. I wanted to have a way to quickly find out what machines were virtual at work, so I whipped this up in PowerShell today.

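Param(
    # One or more computer names to test (defaults to the local machine)
    [string[]]$ComputerName = 'localhost',
    # Optional text file with one computer name per line
    [string]$ComputersListFile
)

# A list file, when supplied, takes precedence over -ComputerName
if ($ComputersListFile) {$computers = @(Get-Content -Path $ComputersListFile)} else {$computers = @($ComputerName)}
if ($computers.Count -eq 1 -and $computers[0] -eq 'localhost')
    {
        # Local check: query WMI directly, no PowerShell remoting required
        if((Get-WmiObject -Class win32_bios).SerialNumber.StartsWith("VMware")) {Write-Output "This machine is a VM!"} else {Write-Output "This machine is probably not a VM"}
    }
else
    {
        # Remote check: run the same BIOS serial number test on every target over PowerShell remoting
        invoke-command -ComputerName $computers -ScriptBlock {$hostname = hostname; if((Get-WmiObject -Class win32_bios).SerialNumber.StartsWith("VMware")) {Write-Output "$hostname is a VM!"} else {Write-Output "$hostname probably is not a VM"}}
    }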

This only works as it is for VMware virtualization, not for Hyper-V or VirtualBox, but it would be easy to add tests for those too. The test is to look at the BIOS SerialNumber and see if it starts with the string "VMware". It's just that simple. ...You could also look at the MAC address of the NIC and see if the first few digits match one of the VMware prefixes, but the BIOS string was easier.


Run it like this:

.\IsItAVM.ps1 -ComputerName computer1, computer2, computer3

or like this if you have a list of computers already in a file:

.\IsItAVM.ps1 -ComputersListFile U:\computers.txt

Of course, this will only work if the computer you are testing is Windows with PowerShell and has PowerShell remoting enabled, and you are not blocked by a firewall... but in an IT environment where PowerShell is being used for management this fits nicely.

Have fun!

--
Edit: Added a little bit of code to better handle the localhost case. If you just run it as .\IsItAVM.ps1 or manually specify just localhost in the -ComputerName then it will not try to use Invoke-Command, so it will not need remoting turned on for a localhost check. Also it gives a slightly different message on a localhost check.
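
The extra tests mentioned above, as an added example that is not part of the original script: it classifies a machine as VMware, Hyper-V or VirtualBox from the BIOS serial number, the Win32_ComputerSystem manufacturer and model strings, and the NIC MAC prefix. The function name Get-VmVerdict, the signature table and the sample machines are constructed for illustration; the strings are the platforms' usual defaults, which an administrator can change, so a match is a hint for inventory rather than proof.

```powershell
# Added example, not part of the original IsItAVM.ps1.
# MAC prefixes (OUIs) used by default for each platform's virtual NICs.
$VmMacPrefixes = @{
    '00:05:69' = 'VMware'
    '00:0C:29' = 'VMware'
    '00:1C:14' = 'VMware'
    '00:50:56' = 'VMware'
    '00:15:5D' = 'Hyper-V'
    '08:00:27' = 'VirtualBox'
}

function Get-VmVerdict {
    Param(
        [string]$Manufacturer,    # Win32_ComputerSystem.Manufacturer
        [string]$Model,           # Win32_ComputerSystem.Model
        [string]$BiosSerial,      # Win32_BIOS.SerialNumber
        [string[]]$MacAddress     # Win32_NetworkAdapterConfiguration.MACAddress
    )
    $evidence = @()

    # Same test as the original script: VMware guests report a serial starting with "VMware"
    if ($BiosSerial -like 'VMware*')   { $evidence += 'VMware: BIOS serial number' }
    if ($Manufacturer -like 'VMware*') { $evidence += 'VMware: manufacturer string' }

    # Hyper-V guests report Microsoft as manufacturer, but so does Microsoft hardware,
    # so the model string has to say "Virtual Machine" as well
    if ($Manufacturer -eq 'Microsoft Corporation' -and $Model -like 'Virtual Machine*') {
        $evidence += 'Hyper-V: manufacturer and model strings'
    }

    # VirtualBox guests report innotek GmbH / VirtualBox
    if ($Manufacturer -eq 'innotek GmbH' -or $Model -eq 'VirtualBox') {
        $evidence += 'VirtualBox: manufacturer or model string'
    }

    # MAC check: compare the first three octets against the known prefixes
    foreach ($mac in $MacAddress) {
        if (-not $mac -or $mac.Length -lt 8) { continue }
        $prefix = ($mac -replace '-', ':').Substring(0, 8).ToUpper()
        if ($VmMacPrefixes.ContainsKey($prefix)) {
            $evidence += ('{0}: MAC prefix {1}' -f $VmMacPrefixes[$prefix], $prefix)
        }
    }

    # Collapse the evidence into a list of distinct platform names
    $platforms = @($evidence | ForEach-Object { ($_ -split ': ')[0] } | Select-Object -Unique)
    $platform  = if ($platforms.Count -gt 0) { $platforms -join ', ' } else { 'none detected' }

    [pscustomobject]@{
        IsVM     = ($evidence.Count -gt 0)
        Platform = $platform
        Evidence = $evidence
    }
}

# Constructed sample machines (hypothetical names and serial numbers)
$samples = @(
    @{ Name = 'esx-guest';  Manufacturer = 'VMware, Inc.';          Model = 'VMware Virtual Platform'; BiosSerial = 'VMware-56 4d 00 00 00 00 00 00-00 00 00 00 00 00 00 00'; MacAddress = @('00:0C:29:AA:BB:CC') },
    @{ Name = 'hv-guest';   Manufacturer = 'Microsoft Corporation'; Model = 'Virtual Machine';         BiosSerial = '0000-0000-0000-0000-0000-0000-00';                       MacAddress = @('00:15:5D:01:02:03') },
    @{ Name = 'vbox-guest'; Manufacturer = 'innotek GmbH';          Model = 'VirtualBox';              BiosSerial = '0';                                                      MacAddress = @('08:00:27:01:02:03') },
    @{ Name = 'laptop';     Manufacturer = 'Example Corp';          Model = 'Example Laptop 1';        BiosSerial = 'ABC1234';                                                MacAddress = @('02:00:00:01:02:03') }
)

foreach ($s in $samples) {
    $v = Get-VmVerdict -Manufacturer $s.Manufacturer -Model $s.Model -BiosSerial $s.BiosSerial -MacAddress $s.MacAddress
    '{0,-11} IsVM={1,-5} Platform={2}' -f $s.Name, $v.IsVM, $v.Platform
}

# Live use on the local machine, with the same WMI cmdlet the original script uses:
# $cs   = Get-WmiObject -Class Win32_ComputerSystem
# $bios = Get-WmiObject -Class Win32_BIOS
# $macs = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $_.MACAddress } | ForEach-Object { $_.MACAddress }
# Get-VmVerdict -Manufacturer $cs.Manufacturer -Model $cs.Model -BiosSerial $bios.SerialNumber -MacAddress $macs
```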

Wednesday, September 11, 2013

Why You Want Your Next File Server To Be Win2012 - Dedup

In the teaser post I showed you this image. It is a little bit misleading. My 722GB of data actually occupies 483.72 GB of disk space.
To compress it down to less than 2 GB would require a type of black magick even Microsoft isn't able to produce.


I am using Windows 2012 data deduplication, which is a new technology that saves disk space by looking at each block on the disk and if there are multiple blocks that are the same it only saves one copy. So, if you have several copies of the same file, even if they are a little bit different from each other, or if you have files with lots of repetition (like log files), it can save you lots of space.

Because I'm using Windows data deduplication, the size on disk only shows the size of the metadata. With PowerShell's Measure-DedupFileMetadata command I can get the actual space used.




Adding the SavedSpace shown with Get-DedupStatus to the DedupSize shown by Measure-DedupFileMetadata indeed does add up to 721.26... just short of the Size of 722.68GB reported by the Measure-DedupFileMetadata and 722GB reported by the GUI. Given a margin of error on that calculation to account for rounding, that seems right to me.

Ok, so it didn't shrink it down to 2GB like the teaser might have led you to think, but shrinking 722GB down to 484 GB is pretty impressive still, that's about a 33% savings. With a volume size as large as this (yup that says 20TB, but it's not real, we'll get to that in a later post) NTFS can no longer do file compression (NTFS file compression is not possible on drives that have a larger cluster size than 4K), but the new data deduplication applied at the volume level makes decently efficient use of space.

By now you are probably starting to see why it's suddenly important to start learning about PowerShell, if you haven't already started. The Windows GUI will no longer be sufficient to properly administer newer versions of Windows. For the past several years it was necessary for Exchange Server admins to get the most out of that product, and for Server Core editions of Windows Server to be manageable at their own console, but now newer features like Disk Deduplication and Storage Pools require it in order to get the most out of them. Much like Linux and Cisco, Windows is headed to an age where those who understand its command line will be able to do much more, and do it much more efficiently, than those who only learn its graphical interface.


So how do you go about setting up deduplication?

For starters, you need a separate disk from your OS boot disk. (you can't dedup c:)

You can install it via the old fashioned GUI:
Go into Server Manager
Click "Manage"
Click "Add Roles and Features"
Work your way down to "Server Roles"
Under "File and Storage Services", enable "Data Deduplication"


or, just open PowerShell and type:
Import-Module ServerManager
Add-WindowsFeature -name FS-Data-Deduplication

Enable it on a volume via the GUI:

In the Server Manager, select "File and Storage Services", and then "Volumes".
Right click on a volume, and select "Configure Data Deduplication"



or, via PowerShell:
Enable-DedupVolume M:

In the next post I will get into the details of Storage Pools. This is a really neat feature of Windows 8 and 2012 that puts the old RAID system to shame.

Tuesday, September 10, 2013

Why You Want Your Next File Server To Be Win2012 - Teaser


Ch-ch-ch-Changes...

There are going to be a few changes around here.

I realized that try as I might, I have not been sticking to the "Practical Tech Tips and Reviews for Everyday Users" in my tag line. In fact I don't think in the 8 years this blog has been going, I have ever written a review.

That tag line has limited what I feel is appropriate to post to this blog, which has meant that some things I might like to post never get posted for fear of scaring away the "Everyday Users" ...but then what I do post is often too technical for that demographic anyway. This week marks a change in the focus of this blog. From now on, I'm just dropping the tag line altogether. I will make no assumptions about who my audience is, and will post things strictly according to what I think is interesting enough, or important enough to share.

I will still try not to just repeat what you can find elsewhere on the internet. Inevitably I will talk about subjects that are being talked about somewhere else, but weighing in heavily with my own views, opinions and experiences. Sometimes things might get more technical around here than you are used to seeing here, but other times I might just share fun stuff I've found.

I hope that most of my readers will stay, but I am not writing this strictly to entertain one group of people, but because I have some things I'd like to share, and I will share with whomever is still listening.

Visible changes in the immediate future will be limited to the logo at the top of the screen losing that tagline. Over time though, I expect the blog content on average will get more technical, but not overwhelmingly so for anyone who already considers themselves a techie or advanced user.

Friday, September 06, 2013

SysInternals

It's been a while since I last posted something truly a tech tip for everyday users.
This is not something ground breaking and way out in the realm of the really techie user. Every user who is even moderately techie ought to already know about this, but for the enthusiast home user or future IT pro who hasn't yet run across Sysinternals (formerly WinInternals) you are really missing out.

Sysinternals has long provided really useful free utility programs for Windows that run with a small footprint and don't leave a lot of mess behind them after they run. You don't normally have to "install" them, just run them.

BgInfo is a neat little tool that will post some useful details about your computer in the corner of the screen so that you have a quick reference for which version of Windows you are using, what CPU your computer has, how much memory, and other details a tech support agent might ask about.

Desktops allows you to organize your applications on up to four virtual desktops so you can quickly switch between groups of applications. Put your Excel spreadsheet and bank stuff on one virtual screen, and Facebook and Twitter on another...

If you are making presentations often, or have a visual impairment, ZoomIt is a screen zoom and annotation tool designed for technical presentations, but generally useful for anyone who wants to zoom in on stuff once in a while.

If you have ever run defrag and wondered how to defragment those system files that defrag can't touch, well Contig is there for that purpose.

For the advanced users, some of these tools are particularly useful in troubleshooting problems or investigating security issues. For example, if you needed to know what process is making outgoing connections to a certain IP that you suspect is related to malware, TCPView might help you track down just what program on your computer is doing that. Process Monitor (which is a replacement for two legacy Sysinternals utilities, Filemon and Regmon) can help you track a program's every move.

Some of the tools, like the PS tools and AD tools will only be of interest to pros working in an office environment.

Here is a quick free video course for those interested in some of Sysinternals' more advanced tools. (You need a Windows Live/Hotmail login to get there, but that's free too.)
http://www.microsoftvirtualacademy.com/training-courses/utilizing-sysinternals-tools-for-it-pros

Saturday, August 17, 2013

Finding The Culprit Of High Bandwidth Use

On Wednesday I was visiting my parents and Dad mentioned that over the last 2 months he'd been seeing some high bandwidth use on his home DSL. Typically in the past they'd never used more than 10-15GB/month because they don't use streaming video and the biggest bandwidth hog is probably uploading photos to Facebook. Lately it has had occasional days where the use has gone up to 5-7 GB in a day.

He had it narrowed down to one laptop because one of those days happened when they were not even home, but that laptop was still on.

Dad is a pretty techie guy, he worked for Honeywell computers out of college and then Bell Canada for a very long career specializing in large business PBX and 911 systems. He's never been afraid of computers. I think he'd rank highly on the MIT hacker test because he actually has programmed with punch cards.



Anyway, given that background this is what I've suggested to him:

Download and install Wireshark from http://www.wireshark.org/download.html
Once it is installed, open a Command Prompt (CMD) and change directory to C:\Program Files\Wireshark

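Run this command, and leave it running all day. It will record which servers on the internet (by IP address) you connected to and how much traffic was sent. The capture filter at the end also tells it to ignore traffic that is between two addresses that both start with 192.168, thus ignoring anything that is local to your house. The filter is quoted and each half is wrapped in parentheses because "and" and "or" have equal precedence in capture filters and are evaluated left to right; without the parentheses only the outbound half matches, so downloads would not be counted.

tshark.exe -i Wi-Fi -z conv,ip,ip "(dst net 192.168 and src net not 192.168) or (ip dst net not 192.168 and src net 192.168)" > C:\users\public\tshark.txt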

Note: you may need to change the "-i Wi-Fi" part to -i "Local Area Connection*" or something else (an interface name that contains spaces has to be in quotes).
Use "tshark -D" to find the list of network interfaces on your computer.

It should print "Capturing on 'Wi-Fi'" then a counter. Meanwhile, in the file C:\users\public\tshark.txt it is recording what servers you connect to. If you use CTRL-C to stop it, or just close the CMD window, it will end the file with a chart of what connections it saw and how many bytes were transferred.

example output:
  3.708876 192.168.2.206 -> 65.54.81.79  TCP 74 [TCP Dup ACK 2393#21] 16378 > http [ACK] Seq=1 Ack=2076733 Win=1327 Len=0 SLE=2095609 SRE=2111581 SLE=2078185 SRE=2094157
  3.709305 192.168.2.206 -> 65.54.81.79  TCP 74 [TCP Dup ACK 2393#22] 16378 > http [ACK] Seq=1 Ack=2076733 Win=1327 Len=0 SLE=2095609 SRE=2113033 SLE=2078185 SRE=2094157
  3.710766 192.168.2.206 -> 65.54.81.79  TCP 54 16312 > http [ACK] Seq=1 Ack=1854205 Win=969 Len=0
  3.712005 192.168.2.206 -> 65.54.81.79  TCP 54 16312 > http [ACK] Seq=1 Ack=1857109 Win=964 Len=0
  3.712776 192.168.2.206 -> 65.54.81.79  TCP 74 [TCP Dup ACK 2393#23] 16378 > http [ACK] Seq=1 Ack=2076733 Win=1327 Len=0 SLE=2095609 SRE=2114485 SLE=2078185 SRE=2094157
================================================================================
IPv4 Conversations
Filter:ip
                                               |       <-      | |       ->      | |     Total     |    Relative    |   Duration   |
                                               | Frames  Bytes | | Frames  Bytes | | Frames  Bytes |      Start     |              |
192.168.2.206        <-> 65.54.81.79                0         0    2419    138406    2419    138406     0.000000000         3.7128
================================================================================


Edit: Included a screen capture because Blogger doesn't seem to have any fixed-width fonts.
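
One way to turn that conversation table into a ranked list of the busiest remote servers, as an added example that is not part of the original post. The function name Get-ConversationBytes, the 203.0.113.10 and 198.51.100.7 rows and all byte counts are constructed; the parser assumes the byte columns are plain integers, as in the output shown above.

```powershell
# Added example: rank the conversations in tshark's "IPv4 Conversations" table by bytes.
# Constructed sample in the same layout as the table shown in the post.
$sample = @'
================================================================================
IPv4 Conversations
Filter:ip
                                               |       <-      | |       ->      | |     Total     |    Relative    |   Duration   |
                                               | Frames  Bytes | | Frames  Bytes | | Frames  Bytes |      Start     |              |
192.168.2.206        <-> 65.54.81.79             5210   7654321    2419    138406    7629   7792727     0.000000000      3600.0000
192.168.2.206        <-> 203.0.113.10             120     90000     100     12000     220    102000    12.500000000       950.2500
192.168.2.115        <-> 198.51.100.7              40     30000      35      4000      75     34000    30.000000000       120.0000
================================================================================
'@

function Get-ConversationBytes {
    Param(
        [string[]]$Lines,                   # lines of the tshark output file
        [string]$LocalPrefix = '192.168.'   # how addresses inside the house start
    )
    $ip  = '\d{1,3}(?:\.\d{1,3}){3}'
    # A <-> B, then frames/bytes for "<-", frames/bytes for "->", frames/bytes total
    $row = "^\s*($ip)\s+<->\s+($ip)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s"

    foreach ($line in $Lines) {
        # Per-packet lines use "->", so only table rows match this pattern
        if ($line -match $row) {
            $a = $Matches[1]; $b = $Matches[2]
            $bToA = [long]$Matches[4]    # bytes in the "<-" column (B sent to A)
            $aToB = [long]$Matches[6]    # bytes in the "->" column (A sent to B)

            # Work out which end is the machine in the house
            if ($a.StartsWith($LocalPrefix)) {
                $lan = $a; $wan = $b; $down = $bToA; $up = $aToB
            } else {
                $lan = $b; $wan = $a; $down = $aToB; $up = $bToA
            }

            [pscustomobject]@{
                LocalHost  = $lan
                RemoteHost = $wan
                DownBytes  = $down
                UpBytes    = $up
                TotalMB    = [math]::Round(($down + $up) / 1MB, 2)
            }
        }
    }
}

# Biggest conversations first
$rows = Get-ConversationBytes -Lines ($sample -split "`r?`n")
$rows | Sort-Object { $_.DownBytes + $_.UpBytes } -Descending | Format-Table -AutoSize

# Against the real capture file written by the command in the post:
# Get-ConversationBytes -Lines (Get-Content C:\users\public\tshark.txt) |
#     Sort-Object { $_.DownBytes + $_.UpBytes } -Descending | Select-Object -First 10
```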


Wednesday, May 01, 2013

Zombie Awareness Month




Today is the first day of Zombie Awareness month.

As such, I’d like to talk to you about the computer type of zombies.

You see, computers can become zombies quite easily if they are not properly cared for. Unlike humans, for whom there is no known zombie virus, there are a ton of nasty infections that can turn your computer (be it a PC, or a Mac) into a zombie.  Bad folks on the internet intent on using YOUR computer to make THEM money will set up websites designed to download just such an infection to your computers which will in turn allow the attacker to take over the mind of your computer, making it a zombie (sometimes also referred to as a bot).  These zombie computers link into something called a botnet and are then controlled by the zombie master (bot herder) who set up the site that infected them in the first place.

This nasty person bent on controlling your PC to his/her advantage may then send SPAM from it, use it to attack other computers or websites on the internet, run some money making scheme involving lots of processing (like bitcoin mining) from it, log your keystrokes and use what you type to learn your passwords to your bank and other places where the attacker could steal money from you.

The thing about computer zombies is that they have to talk to their master to learn what he/she wants them to do next. A good protection against that is a firewall that can alert you to new programs trying to make outbound connections. Most paid antivirus programs come with such a firewall, newer versions of Microsoft Windows even have one like that built in, and for older Windows computers that don’t, there is always the free ZoneAlarm or Comodo firewalls.

If your home computer asks you if it’s ok to let a new program connect to the internet, that’s what I am talking about. If you see it ask about letting a program you didn’t install make connections, just say no, run a virus scan and maybe a tool like Malwarebytes to search out the source of the infection. If you are not comfortable doing this on your own, seek help from a professional. Don’t let your zombie computer continue to use the internet, nothing good can come of that.

Monday, April 22, 2013

Firefox ProTip: Group your Tabs

One nice feature of Firefox that I thought unnecessary at first, but have recently grown to love, is tab grouping.

At first Firefox doesn't obviously have this feature, you kind of have to know about it to start using it. If you are lucky you might see the tab groups icon in the tab bar (at the far right next to the + for adding a new tab, it looks like this: ) but for most of us, we have to turn it on.

To turn on tab groups, right click in an empty area on the tab bar next to your last tab. For some of you finding an empty area in the tab bar might be a challenge, but it's worth it, trust me. In the right click context menu click on Customize. That will bring up a menu full of icons to add to the toolbar, like this:





Find the tab groups icon in there and drag it to the tab toolbar.


Now you can start grouping tabs by clicking that button, which will bring up a window with icons for each of your tabs. Just drag a tab icon off the window into space and it will form a new tab group. Drag other similar tabs into that tab group, and optionally give it a name. You then just click a tab to go back to the normal view and you will find you are only presented with the tabs in that group. You will be able to switch between tab groups by clicking the Tab Group icon, or pressing CTRL-SHIFT-E and then selecting a tab from the group you want.

I use this routinely to keep tabs for some topic I'm researching together and separate from social media tabs that I might also want to have open, but don't need to have staring me in the face. When someone comes to my desk asking me for help on something, I create a new tab, quickly hit CTRL-SHIFT-E and make a new group for it and I am ready to work on that problem and keep its links separate from everything else I'm working on. This helps prevent accidentally closing other things when that problem is resolved as I can just kill that tab group and move back to whatever I was working on before.

Give it a try. If you are a tab addict it is well worth trying.

Saturday, April 20, 2013

Bitcoin - Getting Started


I'm sure you've been hearing all kinds of buzz lately about Bitcoin. And coincidentally, I recently put a bitcoin tipping QR code in the right hand menu on this blog.
The bitcoin to fiat currency charts (whether that be $ USD, $ CAD, £ GBP,  or € EU or whatever other currency you use where you are from) had an interesting rise and crash this past month that brought all kinds of attention from news agencies all over the world.



 With all this new attention on bitcoin I think that it's a good topic for this blog, as there are a lot of people just starting to look at it out of curiosity now wondering what it is, how it's used and whether it is something for them.

Bitcoin is the first example of what is being called a crypto-currency. To keep this explanation simple, bitcoins are a digital virtual form of cash that is stored in a client program called a Wallet. Bitcoin uses a publicly available (as in every machine running a Bitcoin Wallet client has a copy) ledger in which all transactions are recorded. To prevent fraud or accidental double spending of the virtual coins, it uses very complex calculations to verify all transactions in the public ledger. The ledger itself is shared between Wallet clients over a peer to peer network similar to BitTorrent, where all of the wallets share new pages of the ledger, called blocks, with each other. At the time of this writing, that ledger is currently about 8GB, and always growing. The official bitcoin client (bitcoin-qt) downloads the whole ledger starting from day 1 a block at a time and re-verifies it all. This can mean that setting up a new bitcoin wallet with a fresh install of this client can take hours, or days before it is synced up with the network and ready to use. There are, of course, ways to short-cut that process, but if one wants to be very careful and trusts no one else there could be a wait of several days to get set up in bitcoin.

To avoid the long delays you can set up an online wallet through a service like My Wallet by Blockchain, or WalletBit. Or if you have an account at Reddit, just send a message to /u/bitcointip and the tip bot on that site will set one up for you, and will even let you use your Karma points on that site to obtain a small amount of bitcoin currency to play around with. Online wallets are available to use almost immediately, but you are trusting the site owners to protect your money for you.

So, you have some fiat currency (let's say it's $USD) and you want to convert that to bitcoins, how do you go about doing that? Well, for the average user you set up an account at an exchange like Mt.Gox or one of the other exchanges listed here: https://en.bitcoin.it/wiki/Trade#Currency_exchanges or, if you are lucky you might find someone willing to do an exchange in person (I hear Craig's List is a place you might look for that).

Once you have some bitcoin money in your wallet, sending money is cheaper, easier and more reliable than PayPal. Unlike PayPal though, you cannot complain to a company to get your money back if a transaction goes south. In that way, it's more like cash. Once it leaves your hands, you can't get it back through a charge back; you would have to get the police involved if you were scammed. On the flip side of this is that for a seller you don't have to worry about scammers posing as buyers then asking PayPal for their money back claiming that they never got what they paid for.

It also acts more like cash in another way (and I think this is one reason why the client is called a wallet): like a real life physical wallet, if you lose your bitcoin wallet your money is gone, unless you can find it again.
You can and should backup your wallet, and don't wander around with all of your money in the wallet on your cellphone, only carry what you plan to spend that day. You can have as many wallets as you want.

With a wallet on a mobile phone, transferring money is as simple as scanning the other person's QR code (AKA "3D" barcode) and clicking send.

The nice advantage of bitcoin is that it has low (or even no) transaction fees and you can send an amount that is worth only a fraction of a cent. This enables micropayments in much smaller amounts than PayPal or any other service has ever been able to do. This can be good for small fundraising efforts on the internet.

Wednesday, March 13, 2013

Dreamhost.com My New Favorite Web Hosting Company

Ok, so many years ago (10+) I first bought my own domain name, and for the first little while I hopped around from hosting ISP to hosting ISP, and finally settled on Media Temple about 8 years ago and stuck with them all that time mostly out of inertia.

Recently (around xmas time) I decided it was time to start shopping around for a better host. One that had cPanel (which is the industry standard control panel these days) and maybe offered better rates or more space, or more database instances.... then around January I noticed a limitation in Media Temple's MySQL setup. Namely I could grant access to my databases to any IP I wanted to use a management tool from, but there could only be 10 addresses at any given time granted access, and those same 10 addresses had access to ALL my databases. This doesn't seem like much of a limitation to most folks, but I had a database I wanted to set up that would be accessed directly by desktop applications being run from my home and a couple of friends' homes, all of which are on dynamic IPs and I didn't want to be constantly adjusting that approved IP list. So I quickly started hunting for a new host.

Along comes Dreamhost, with unlimited bandwidth and unlimited disk space (actually just a high amount of each that is ever increasing, kind of like the disk space limit in Gmail), and unlimited number of domains hosted, unlimited MySQL instances, that each can be managed individually from their own list of approved addresses (including wildcards) and unlimited user accounts so each domain or database could be managed from a different user account if I wanted.



Add to all of that Google Authenticator based 2 factor authentication on the cPanel interface, and easy checkbox config for domain level Google Analytics so you don't have to drop JavaScript into all your pages. Plus the ability to use Ruby and Django (Python) for some of my sites.

They have one click installs of all kinds of popular web software like mediawiki, Wordpress, Joomla, Moodle, phpBB, OpenVBX, ZenCart, and more!

On top of all that, the security guy in me has to remind you: 2-factor auth!!! and encrypted FTP, E-mail and web based FTP. Yes, IronGeek, Adrian Crenshaw also uses Dreamhost.

All of that and it was 1/2 the price I was paying for MediaTemple. They gave a free trial to start off so I could get set up on their servers and play around until I was familiar enough with it to commit with money paid.

If you decide you want to switch to DreamHost use this promo code and you'll save $10 off a 1 or 2 year pre-paid account. RODSAVEDME10


Tuesday, February 26, 2013

Secunia Launches Cloud Based Patch Management For SMB

For all my Small Business friends:

Secunia, one of the big names in Patch Management (software that makes sure your computer is up to date) has just launched a cloud based service for small businesses with fewer than 50 PCs.

Secunia Personal Software Inspector (PSI) has always been free, but only for personal use. (and I highly recommend everyone install it as one of those must have bits of free software)
Corporate Software Inspector (CSI), their main product line, has always been just out of reach for a lot of small businesses both from a price point and because it requires you to install and maintain a server for it. They recognized this limitation and put together this new Small Business solution.

Read about it here: http://www.net-security.org/secworld.php?id=14476
Sign up for the free trial here: http://secunia.com/products/smb/smallbusiness/

After the beta ends the first 5 machines will still be free and additional machines less than $5/month each.

I have been a user of PSI on my home computers for years and couldn't be happier. Now with this I have something to recommend that can protect small business machines as well.