Trust Your Applications – BizTech Quick Take
Applications Work Better on a Trusted Model
If you find that you spend more time managing the execution and security of your applications than actually using the applications for their intended purposes, then it might be time to move to a trusted model.
Neil MacDonald, a Gartner analyst, argues in a blog post that manually whitelisting applications from a security standpoint is unfeasible. Instead, moving to automation should be the goal for IT staff.
MacDonald identifies a few practical, real-world examples to bring the message home:
- If a file/application/update is digitally signed by an application publisher that I trust, then the entire installation is trusted. This is probably the most common example and is the foundation of Microsoft’s improvements with Windows 7 AppLocker over Windows XP’s Software Restriction Policies.
- If a file/application/update is installed by a trusted process (e.g., software distribution agent) on a system, then the entire installation is trusted.
- If a file/application/update is installed by a self-updating application (e.g., iTunes, Chrome, Firefox), then these changes are automatically trusted.
- If a trusted user/group (e.g., IT admin, departmental admin) installs the application, then the entire installation is trusted.
Read MacDonald’s full post on application control on the Gartner blog.
Microsoft Wants the Rustock Botnet Creators Held Accountable
Think Microsoft isn’t serious about IT security? Think again. After successfully helping lead the charge against the spam-spewing Rustock botnet in March this year, the software giant is putting its money where its mouth is.
At its height, the Rustock botnet infected over a million computers and was capable of sending billions of pieces of spam in one day. The botnet, which operated on Windows PCs only, has wreaked an incalculable amount of havoc, and Microsoft wants to send the message loud and clear that its OS is not to be messed with.
Read an excerpt of the announcement from the Microsoft Privacy & Safety blog below:
Today, we take our pursuit a step further. After publishing notices in two Russian newspapers last month to notify the Rustock operators of the civil lawsuit, we decided to augment our civil discovery efforts to identify those responsible for controlling the notorious Rustock botnet by issuing a monetary reward in the amount of $250,000 for new information that results in the identification, arrest and criminal conviction of such individual(s).
This reward offer stems from Microsoft’s recognition that the Rustock botnet is responsible for a number of criminal activities and serves to underscore our commitment to tracking down those behind it. While the primary goal for our legal and technical operation has been to stop and disrupt the threat that Rustock has posed for everyone affected by it, we also believe the Rustock bot-herders should be held accountable for their actions.
8 Guidelines for Teleworkers
In the right environment, with the right kind of work and the right kind of company, working remotely can be a home run for both the employee and the business. But that doesn’t mean that working from home should be a free-for-all. Establishing mutually agreeable boundaries and standards can make the remote working relationship transparent, fair and professional for both managers and workers.
Joseph Mutidjo, a writer for Small Biz Technology, identifies 8 key rules that need to be put in place to make a telework program work.
- Office rules apply
Even though your remote employees are not physically in the office, they still need to adhere to all relevant rules outlined in your employee handbook. For example, if you have defined policies concerning work-related electronic communication, these rules continue to be applicable.
Every business is different regarding equipment policies. If you’ll provide remote workers with all equipment they’ll need to work from home, define rules as to how the equipment should be used. For example, can employees load non-work software on their laptops? Can equipment be used by non-employees?
You may need to ensure your remote staff have a homeowner’s insurance policy that covers using a part of their home as an office. If additional money is needed to accommodate this, determine who will pay the added expense. For insurance purposes, many small companies also stipulate that client meetings not be held in home offices.
Read the full list of 8 remote work rules in Mutidjo’s article on Small Biz Technology.
The AT&T 4G Rollout Is Still Rolling
Mobile users, start rejoicing. AT&T is continuing to roll out its 4G HSPA+ network and recently, 10 new locations were added to the list, bringing the grand total of locations with HSPA+ support to 19.
Many mobile enthusiasts are eager to step into the next generation of mobile networking with 4G, as rich media, mobile applications and social media drive the demand for better, faster network performance.
Read the full story on Gotta Be Mobile to get the complete list of areas where AT&T’s HSPA+ is deployed.
Why the New MacBook Air Challenges the Idea of a Mobile Device
When you think of mobile computing, what comes to mind? Probably netbooks, tablets and smartphones, right? But what about Apple’s MacBook Air? Is the lightweight, portable computing device more of a notebook, or does it belong in the mobile computing family?
Terrance Gaines, a blogger for the Small Biz Go Mobile blog, has decided that with the latest refresh of the MacBook Air, it might be time to consider the device a mobile computing cousin. He cites these new features, among others:
- Lightning fast Intel Core i5 and i7 Processors with speeds up to 1.8GHz
- Flash storage that’s always on and doesn’t need to “boot up” like traditional Hard-Drive storage
- Multi-Touch trackpad that gives the MacBook Air smartphone-like gestures
- 5-7 Hour long-lasting battery that can stay in standby mode for up to 30 days
Find out more about the new MacBook Air and why it could be the mobile solution your business has been looking for on Small Biz Go Mobile.
NetApp Makes the List of Forbes’ Most Innovative Companies
NetApp has put out recognition-worthy products since 1992. Now Forbes has named it one of the “World’s Most Innovative Companies.”
NetApp founder David Hitz was thrilled with the No. 34 ranking on the Forbes list, telling the publication that, in his view, “innovation requires risk taking, innovation requires people to do crazy things.”
In a video interview with Forbes, Hitz talks about the innovative mindset at work at NetApp; watch it on his blog.
Certifications Are Just the First Step
As technology changes, so do the skills that become necessary for working as an IT professional. But just rounding up certifications, like a boy scout collecting merit badges, won’t make up for a lack of experience, as blogger Mitch Garvis points out on his blog.
That’s not to say that Garvis views certifications as meaningless. In fact, he believes that certifications are an important signal to potential employers about an IT worker’s attitude toward his profession. Garvis sums up the certifications vs. experience debate succinctly:
I honestly feel that certifications are an important aspect of an IT Professional’s growth. I do not, on the other hand, feel that certifications alone are proof of knowledge or ability. I would never hire anyone based solely on certifications, and would not hire someone without proof of a firm knowledge of how things work in the real world. On the flipside of the same coin I would probably not hire an IT professional with the real world knowledge but who lacked the certifications.
I have said before and will say it again: Certifications are not proof of knowledge. They are a demonstration that someone has the respect for his or her profession to pursue not only the knowledge but the credentials which attest that they are not simply computer guys, but IT Professionals.
Read the full post on IT certifications and experience on Garvis’ blog.
Make Antimalware a Foot Soldier in the Cyberwar
Don’t take your company’s security for granted. No company is so small that it can avoid taking measures to protect its business data, and antimalware is a critical first defense against malware attacks.
There are sharks in the IT waters, and small companies that float by — believing they’re under the radar — are leaving themselves and their data woefully vulnerable.
“Many SMBs also use their computers to connect to payment, insurance, supply chain and state or federal government systems, making them attractive vehicles for use in staged attacks on these larger environments,” says Jonathan Penn, vice president and principal analyst of technology strategy/security for Forrester Research. “Hackers know they most likely have less security technology in place than their larger counterparts.”
Read more about antimalware for small and medium-size businesses in this article from BizTech.
Find great content from the bloggers listed here and other IT blogs by checking out our 50 Must-Read IT Blogs.