Rich Trouton On Twitter: Deploying Sophos Enterprise Anti-virus For Mac

I work in an environment that has a fairly large Linux desktop fleet however previous jobs rarely had Linux as an option and if they did, it was limited to a few sysadmins. Now that desktop Linux has gained a little more popularity, what is preventing you from deploying it in your environment? Is it:. Software (lack thereof, incompatibility). User comfort. Support tools (lack thereof or lack of knowledge in supporting Linux). Licensing agreement lock in (hands are tied because you've agreed to a multi-year deal with another OS vendor).

Some combination of all of the above? First off, this has been done.

Jun 21, 2016  And these faces change as they are moved and combined. While Bta-6030 Bluetooth Dongle Driver has all the sleek user interface touches that you’d expect from an Apple app and a broad set of features on paper, I was a bit disappointed by what feels like a constrained range to its tools. BTA-6030 BLUETOOTH DRIVER FOR WINDOWS MAC - If the remote device does not have the service, connection will fail. Pass Key Paired devices share a unique Pass Key also referred to as Link Key, by which they authenticate with each other when connecting. Bluetooth dongle adapter driver.

Seriously, the City of Largo in Florida has been running on Linux servers for over 6+ years, supporting hundreds of city employees. This is hardly a new topic, either. (keep in mind that the book is several years old, and many references are probably out-of-date). It can also be used in a small business environment, as witnessed by the Ernie Ball Co., which. Addressing each question:. Software (lack thereof, incompatibility) More often than not, there is some specific package that has been 'grandfathered' into the system in some pseudo-critical role.

At my own work, I can think of at least 2 Microsoft Access databases that would require a complete re-write in a different language with a different set of conditions. As for 'lack thereof', that's a function of how deep a niche role some software package will play.read my responses below. User comfort Never underestimate this. You would not believe the number of end-users that will throw a fit to actually keep the environment they have, no matter how crufty, old, poorly designed, frustrating, or labor-intensive it is. In fact, the longer the end-user becomes accustomed to the interface, the more resistance they will have to learning a new one, because there is a substantial existing investment of their own time in the interface they already know. Support tools (lack thereof or lack of knowledge in supporting Linux) I don't think this is an issue.

The environment has been around for so long, and so many admins have tried this on their own time, that there is little (if any) lack of qualified applicants for both junior and senior sysadmin positions. Saying there is a lack of support tools for Linux is roughly akin to saying 'I can't Google an answer'.

There were - and still are -. Licensing agreement lock in (hands are tied because you've agreed to a multi-year deal with another OS vendor) This is probably a function of the size of an organization and the amount of software that they purchase. In those cases where there are few users, per-license or small batches of licenses are purchased on an as-needed basis.

In much larger organizations, it's very tempting to sign a 'faustian bargain' to get a 3-year contract covering thousands of desktops at a steeply discounted rate. Some combination of all of the above? There are many synergies involved (please do not stone me to death for using that overhyped buzzword.) If you were to migrate an organization - of any size - to a pure-play Linux/BSD/OS X platform, I think you would have to cover the following aspects to make a successful transition:. External Cultural Inertia (Management).

Management has been signing over thousands of dollars each year to 'buy' something that has tangible value. Convincing them that they are getting the same value with something that comes free is a hard pitch. There is a definite psychological link between the sense you've purchased something, and that it has some intrinsic value. This of course has been fully exploited by the industry for decades and as anyone who shops around knows, 'buyer beware'. External Cultural Inertia (End-Users). Users are a big bundle of mystery waiting to become an explosive backlash of 'where's my files', 'I can't click the link', 'this used to work', 'my printer settings didn't come back' (true OpenOffice story from the 1.x days), and my all-time favorite, 'but the button in the toolbar used to be over there, now it's here?

I can never find anything!' So many of them have settled into a culture of 'don't know, don't care, don't want to go there' that explaining that the summation button in OpenOffice is the same Excel symbol in a different location is just not enough. They are doing things by muscle-memory and single-step handwritten checklists, and moving something just one pixel too far is asking them to change their world. If your organization is 'young', or you have fluid staffing requirements, you can probably get away from this headache. If it's established, with employees that have been around for years (or decades!) then you're going to encounter fierce resistance. Internal Cultural Inertia.

Your existing Windows sysadmins have been weened on multiple-inheritance access control lists, multiple GUI paths leading to the same result, and a habituation to working with 'opaque' software that consists of 'black box' lumps of code. Moving them into a culture where the permissions hierarchy is significantly flattened, there are multiple ways to arrive at a result from a (GASP! The horror!) command line, and the software is so transparent that they themselves are tempted to modify it, will be a huge culture shock. Some old-timers may actually be in disbelief that it is legal to actually copy the same software they are installing on their servers and take it home (yes, it's true, you can really do that, no really, it's ok, the BSA won't care.). Exchange. Getting off of Exchange is roughly akin to getting off of crack cocaine.

There are so many organizations that are so inured, so hopelessly dependent on the system, that they will fight to protect it. I say this with all sincerity. If you can at least replace the calendaring/free-busy/shared contacts portion of this, then you'll have fought only half of your battle. If you are using shared folders, custom forms, or other mucky-muck, you're pretty much in deep. Email, no matter how old it gets, still remains one of the silent killer apps of the internet - why else would you interface just about everything else - including websites - to such an archaic technology?

Fuse this with irreplaceable contact information, and a TODO list about a mile long that is critical to keeping your job, and you suddenly realize that Exchange has your organization tightly held by the (censored-to-avoid-offensive-posting-votes). Microsoft Access. This little nugget will cause no end of heart-ache. Excel, Word, PowerPoint, those are down pat, but Access.Access is the fly trap of file-based database containers. There are a handful of tools to get the data out, but the key value of Access is not so much its use as a (abet crummy) database container, but rather, the forms, code, and reporting that come with it. You'll need to replace it with something that can provide forms, code, and reporting in a coherent package. And there aren't many of those packages around.

This is a ticking time bomb. Any internally-deployed site within a large organization that uses ActiveX has pretty much fused themselves to a Windows platform, for better or worse. By the way, ActiveX often implies that you'll also contend with. Internet Explorer. For anyone who remembers the bad old days (version 6 and prior), enough said.

Proprietary one-off software packages. If you have one of these, all bets are off. You know these when you see them, those packages that no-one else has, you paid a bundle of money to a niche vendor with no competitors, the software requires specific (outdated) versions of additional libraries, it is typically poorly written, crashes often, and the end-users are delighted that they can now click a button and it makes magic reports.

In the end, it's not about 'superior technology' or 'return on investment'. It's about people and their inability to deal with change. @LEAT: Switching to Linux for cost savings is a tired mantra that's been repeated to get discounts on Microsoft licensing. If you're serious about switching to Linux, then you have to change your mind(set) with regard to how software and services are selected, acquired, maintained, upgraded, and obsolesced. In essence, the entire software lifecycle changes because the basis of what you are doing has changed. As long as you cling to your existing concept of what it should be, it will /never/ be a successful solution for you. So is it the wrong solution?

That depends on many other factors. – Jun 8 '09 at 17:37. @LEAT: so to wrap it up: from your point of view, it will not now nor never will be, a potential candidate. And given some of the (strange?) comments I've seen posted on this topic so far, I don't think it will ever be ready for you. There's nothing wrong with that.

You've got something that works for you. Make it shine! Me, on the other hand, I've got my feet in /both/ worlds, and like there's a reason for each season, there's a time for each platform. So choose what works best for you, not what dogma is right. Choose wisely. – Jun 8 '09 at 17:52.

Well I'll say why I wouldn't deploy a linux desktop fleet above Microsofts products, as of 2009 anyway:. Management on a large scale - nothing even close to Group Policy or Active Directory for Linux. Usability - most users will be completely lost on a.nix system. Re-training several thousand people just to use an OS is not a trivial or cheap exercise without some proof of massive benefits.

Application support. Many systems in the corporate world are written for Windows. While some of the newer ones have had the foresight to develop in Java and therefore be cross-platform, there are many that havent. Total Cost of Ownership. An often bandied about term but it's true. If an XP license costs $300, that may only be a days wage for a person. If that person needs a days training to learn a different OS, and then a week of impaired productivity as they get used to it, XP has already paid for itself a couple of times over.

Most people are also familiar with Outlook. An Exchange standard license costs around $700. Divide that among the number of users and, again, it pays for itself in preference to training users to use another tool. Most end users just want to use the tools they know to do their job. Giving them the tools they already know how to use, even if they cost, is almost always going to be cheaper than re-training them to use 'free' products. What is preventing us from deploying Linux desktops in our company? We're all using Macs already;-).

I do have a somewhat unique perspective. In the four companies I've worked at in the last 10 years of doing professional system administration (including IBM Global Services), I have had the option of using a Linux workstation, and did. Not to say this wasn't without struggles.

Company One First company out of college was a Unix/Linux backup software company. The CEO mandated that since we develop software for Linux, everyone including nontechnical people had to use Linux as their desktop. He didn't exclude himself either, and he was very much not technical. Now this was in 1999-2000 to give a frame of reference.

Desktop Linux was not sophisticated. GNOME was a very immature environment, and KDE wasn't much better. Hardware support in Linux itself wasn't near as good as it is now. Challenges-.

Streaming video. While rare, some of the stuff the marketing team worked with was Real Networks, and RealPlayer was spotty. I spent at least 2-3 hours a week re-explaining how to do things on Linux to the marketing team. I hate printing on Linux.

Its not actually a lot better now than it was then, except maybe the tools are better. Printers suck. Oh and thats not Linux specific. Office applications.

Microsoft Office was of course the primary app used in the business world. We used StarOffice, and I hated it. Probably due to printing problems. Company Two This was IBM!

Rich Trouton On Twitter: Deploying Sophos Enterprise Antivirus For Mac

I worked as a system administrator in eBusiness, and since late 2000, IBM has maintained an internal Linux deployment stack, which installed all the IBM required software like the labor claiming tool, the printing tool (heh!), Lotus Notes (w/ WINE), Lotus Sametime, and the VPN software. This 'distribution' went through many iterations and got really good by the time I left IBM in 2007.

It was rough but usable for several years, but with Lotus Notes 8 and Lotus Sametime having 'native' Linux clients (read: Java-based), it was actually about as usable as Windows (which I don't consider usable:-)). Challenges-. Printing again. Even though IBM has sophisticated printers and tools for configuring them, printing still sucks. Lotus Notes. This was primarily an issue with Notes itself being a heaping pile of garbage:). When they went from being an unofficial (but developed internally) WINE stack to a Java client, this got a lot better.

I still hate Notes though. Lotus Sametime. The native Sametime client on Windows was (is?) horrid. There were several internal projects including a perl/gtk program, a couple trillian plugins, and a GAIM/Pidgin plugin. Eventually they went with a somewhat decent, usable client with 7.5.

Office software. This is primarily IBM hanging onto Lotus products for dear life. There were no open office plugins to convert, at least until the open office integration into Notes 8. IE only CRM. One of the ticketing tools we had to use was a Siebel CRM which didn't work with any browser except IE6. Further, if a certain critical patch were installed (which was auto installed by the IBM patch manager, it wouldn't run.

Full of fail and lose. Unique IBM challenges. Such as the CRM issue above, but others as well, too numerous to iterate here:-). Company Three I worked for a security training company that uses Linux for all the company infrastructure and backend support. All the admin staff used Linux either as primary workstation OS, or secondary workstation. Adoption of Linux for non-sysadmin staff probably resembles the challenges faced by other companies.

Challenges-. Prevalance of Outlook and shared calendaring, but actually a lack of it! Because the company is security focused, they are 'we must own and control everything' focused.

We didn't have an Exchange server, shared calendaring in effect really just didn't exist. During the infrastructure upgrade I was hired on mainly to work on, we installed Zimbra, and while the user migration from the old email to Zimbra took place after I left, I heard it was a smashing success and the shared calendaring in Zimbra was very popular feature indeed. Office software. Particularly PowerPoint presentations. All the training materials were written by the courseware authors primarily in PowerPoint.

There really isn't an equal on Linux. User training. Most people were used to Windows from their home systems and other positions, so retraining 100 people would have been cost prohibitive.

Company Four Ah, the company I'm at now. We all use Macs. We use Google Apps, so no shared calendaring woes there, no client access license costs (though probably a per-user cost, which is much less than Exchange!). We thrive on open source software (we're an open source company!), and of course for those that need it, Microsoft Office (or iWork) is available anyway.

I'm not one of those people, so it's wonderful being 100% Microsoft-free for work purposes (I still use it for gaming!). I've noticed as I get more exposure to the startup world, many more startups are using Macbooks + Google Apps the win. Linux servers are usually a cloud node running the web site, code is hosted on GitHub (public or private repositories), DNS is outsourced. End Thoughts So while many people point out the 'more obivous' reasons why Windows stays its ground and Linux is not as widely deployed, there are fewer challenges to switching now than there have been.

Many of the arguments against Linux are unfounded to those in the know anyway, TCO being the biggest argument, since thats what Microsoft spends billions of dollars of marketing FUD spreading. TCO is a subjective answer to an issue of diverse topic, IMO, because while models can predict costs, they don't always hit the exact problem space of every company. Just because A (GIMP) has feature comparability to B (Photoshop), does not make it sane or economic to replace B (Photoshop) with A (GIMP). As mentioned elsewhere in the comments, if it's going to cost you x times the value of your employees time to retool/retrain them for FLOSS 'A', it's insane to charge your business/customers because you have a new religion. Your primary religion in business is servicing your customer cost-effectively so you and they can make a profit. Otherwise, drink the kool-aid. – Jun 22 '09 at 12:14.

People want to use software packages, they do not want to use a specific operating system. Just like games sell game consoles, applications sell platforms to run them on. Forcing a skilled artist to replace Photoshop, Illustrator or Maya when they have tens of years of experience isn't exactly efficient unless the software and user is doing basics like Office data entry, support or basic analysis and management (even if Blender with the fugly UI mostly hidden happens to be a relatively painless substitute to a skilled hotkey-navigating Lightwave user) ^^ – Sep 1 '10 at 10:39. It all comes down to one word. Linux is not currently a good value, even though it is 'cheaper' than the competitor.

Companies are concerned about quarterly costs and revenue. Therefore, especially in this economy, they're not willing to take a huge financial hit to train new staff so they can save money over 5 years.

If they don't save money NOW they won't be there in 5 years. On top of that, not only will they have to train staff, they will have to put up with reduced productivity and 'growing pains' of learning how to use the new products. That also hurts the bottom line. The fact is, and perhaps ironically, a downturn economy is not the time to be switching to a zero license cost product. But then again, a good economy has no reason to switch so it's a catch-22. Even if you factor in the costs of virus removal, anti-virus, anti-spyware, etc.

Those are costs that are amortized over many quarters, not a gigantic hit upfront. That doesn't even begin to take into account all the vertical software out there that has no Linux equivelent. All that VB code will have a hard time being ported to Linux. Sure, you can use a VM, but then you're still paying for your windows license on top of all the costs of migrating. A lot of us 'think' there will be much savings since we won't be paying hefty M$ taxes, and server license/support/update/patch agreements for a bunch of services, but we don't actually have much data to back that up, nor we have the leadership needed for such an 'out of the box' thinking. We need a visionary who'll able to convey the practical and financial solutions that Open-Source provides.

He/She not only needs to convince administration, but his/her own team. The way I see it now, in my department, maybe the best solutions is to find an outside consultant who could lead/manage such a project, but that is also not practical since we're really talking about 'customized' solutions which would be pretty expensive by itself. We're not there yet, but doesn't mean we will never get there.

Many reasons:. Employees must be trained again. Case sensitive file systems + unexperienced users = disaster; i have seen dozens of files like 'scholarship.ods', 'Scholarship.ods', 'scholarship.ODS' - they simply cannot understand this, and end to send always the wrong document via email. No microsoft office - clients always come with documents using microsoft-specific features, so we cannot open it with openoffice. customers will think 'hey, they use linux because they cannot afford windows licenses' and so on. Applications, applications, applications!

When a company has significant investments in Windows-only software and devices and the training that goes along with them, it will never be cost-effective to make a whole-company change in platform. The Windows license cost, included in the price of a new machine, is miniscule compared to the expenditure required to change tens or hundreds of applications and retrain users. It may be feasible to move some machines to Linux if the number or type of applications is limited, such as in a single department or for kiosks; however, why increase the number of platforms and associated administrative burden for a small number of deskops when you are already supporting two or three versions of desktop Windows in the rest of the company, and when the existing solutions works fine? Linux as a desktop operating system is only viable in corporations that already have Windows-based systems when the following is true: cost of replacing all Windows-only applications + cost of administrator training + cost of user training.

Believe me when I say that we're working very hard to try to fix this issue we're seeing with 'Shh/Updater-B', and are diligently trying to respond to all folks across all the various forums. Tech support, within my spitting distance I should note, is working very hard to take your calls. Please note that was aggressive detection on our part.

You are not infected with malware. Our labs are in final Q/A of an update to resolve the issue to make the alert go away for our customers that are affected. We very much apologize for the inconvenience, but the update will be out shortly and the false alert will go away. Will update as we learn more. UPDATE RED NOTIFICATION - False Positive detections with ssh/updater-B - UPDATE 15:11 PDT As the False Positive can affect our own binaries, in can in some instances prevent both SUM and SAU from being able to update. In these situations the following instructions can be used to workaround the issue, download the fixed IDE, and propagate it to all endpoints.

SUM unable to update If SUM is unable to update it is probable that files in the warehouse are failing to be decoded as they are being falsely detected as Shh/Updater-B. To workaround this issue and successfully download the IDE file that fixes this issue follow these steps: 1. Delete agen-xuv.ide from C: Program Files Sophos Sophos Anti-Virus C: Program Files (x86) Sophos Sophos Anti-Virus 2. Restart the 'Sophos Anti-Virus Service' 3. Update SUM via the Sophos Enterprise Console Endpoints unable to update If customers have endpoints that are unable to update due to the false positive issue the following steps can be taken to get the fixed IDE to them: 1. Centrally disable On-Access scanning via policy in SEC 2. Select Groups in SEC and select 'Update Now' 3.

Once a group has updated re-enable On-Access scanning via policy in SEC. I almost did not renew my Sophos Subscription at the beginning of this year. It will certain end now. This is horrid! You post an update without full quality testing that Quarantines every updating service on my network, including yours (??), and then say you are working hard to get a fix out?

How many hours to do you expect us to eat in fixing your massive SNAFU? Last week GoDaddy caused bad blood with their customers through a 'SELF-DENIAL Attack'. Looks like SOPHOS has now writtent the template for 'How to discard your entire customer base in one fell swoop'. Sorry, but sorry and we are trying just isn't enough, ever. Hi B2BYTE, I'm eager to try to help you in any way I can with this horrible incident.

We have pushed out an update and workarounds for this scenario and have been real-time responding to customers' questions via Twitter, and I've also been trying to keep my eye on our various channels. Again, this was an egregious error on our part, but we're certainly going to do everything we can to make it right with every single one of our customers who have been wrongly affected.

We see a lot of customers who are back up and running. Can I help you?

B2BYTE I don't think a knee jerk reaction to move away from Sophos will necessarily mean you don't have to deal with anything like this again. Just a couple of days ago i had to help someone out when a McAfee update killed their internet connection (see ). Don't get me wrong, this was a major. up by Sophos and i think they need to have a think about their lines of communication. I managed to sort my network out last night by finding in the sophos forums. I thought Natan@Sophos did a fantastic job and should be praised for helping as best he could.

I shouldn't have had to google to find a forum thread though. This should have been on the front page of the website with a link to the KB article, which in it'self should have been updated more quickly as fixes for the problem became available. We've all messed up at one point or another, i'm glad my employer didn't decide to change his IT manager as a result.

I still believe Sophos is the best AV out there. As long as they learn from this and it doesn't happen again! Simon2872 wrote: B2BYTE I don't think a knee jerk reaction to move away from Sophos will necessarily mean you don't have to deal with anything like this again. Just a couple of days ago i had to help someone out when a McAfee update killed their internet connection (see ). Don't get me wrong, this was a major.

up by Sophos and i think they need to have a think about their lines of communication. I managed to sort my network out last night by finding in the sophos forums. I thought Natan@Sophos did a fantastic job and should be praised for helping as best he could. I shouldn't have had to google to find a forum thread though.

This should have been on the front page of the website with a link to the KB article, which in it'self should have been updated more quickly as fixes for the problem became available. We've all messed up at one point or another, i'm glad my employer didn't decide to change his IT manager as a result. I still believe Sophos is the best AV out there. As long as they learn from this and it doesn't happen again! We really appreciate your guys' support in during this very trying time (for both you guys and us).

Posts like these definitely reiterate that we have the best customers on the planet. We look forward to making things right again. RichB - NS wrote: why no email to clients? I much would have preferred to come in early and fix this mess, than to have a shitstorm of employees waiting at my desk at 8AM.

Hi Rich, We're very sorry for the issues caused by Shh/updater-B issue. We have been proactively posting in the knowledgebase article to ensure we can give as frequent updates as possible rather than multiple email communications. A thorough email communication is going out today.

In the meantime, if you need any more info, please check the article here: Once again, we're sorry for the havoc this may have caused. And of course, please feel free to reach out to us via Twitter @SophosSupport. Kim, I do appreciate the dedication of you and of Sophos in general to rectify this problem. To address another post above, I would not 'knee-jerk react' to this incident. My quesions about the integrity of Sophos began 15 months ago regarding some gaps in the Sophos coverage. The latest occurrance must weigh into any decision.

My network has generally been okay with your soution, but I have always had concerns with both Enterprise Console and client functionality. Some are aspects I can live with, as a pain for administration but less painful at the client level.

I am simply amazed that Sophos did not have sufficient testing and quality oversight to prevent this problem. Please address how your customer base, moving forward, can be assured that Sophos is addressing their process control. Remember, we recognize that at any time a serious vulnerabilty can appear in the wild and spread like cyber-fire. Rapid response to overcome such an event impacts all major security providers.

This is the nature of the beast. BUT, self-inflicted events like this must put the general quality of your business in question. I look forward to hearing back on what you will do to improve.