
Comment Re:Where is the jurisdiction? (Score 2) 58

One might think that the jurisdiction is that in which the damage occurred. i.e. if the servers were in the US, that is where it lies. This is simply an international attack, the same as mailing a bomb from one country to the next.

There is a far too prevalent belief or ethic amongst the techno-educated from the former Soviet republics that it is their right to take advantage of whoever is 'stupid' enough to be vulnerable to their skills. This needs to come to an end. The Internet is not the cyber wild west. I am not saying that the US should be the marshal, let Interpol do it, or whoever. It just needs to be done.

Comment Why the Russians and the PRC will be the top dogs (Score 1) 285

First, to prevent morons who are unable to distinguish the difference between culture and race labelling me as racist, I am speaking about culture.

IMHO and experience, Russians and the PRC are far more willing to take risks with human life than Western Europeans and North Americans. Add this to their desire and know-how and you have a better environment for advancement.

The Russians and PRC will be slugging it out over the Moon, Mars, and the asteroid belt while NASA is still dithering over the shuttle replacement.

Comment Re:Hitachi (IBM) Deathstars (Score 2, Insightful) 156

Isn't it interesting how stuff like this sticks in people's minds and they seem incapable of evaluating new data and reevaluating their stance? The longevity of opinions like this seems to increase when there is some cute catch phrase involved, such as "Deathstar" in this instance.

"To stay young requires unceasing cultivation of the ability to unlearn old falsehoods."
  -Robert A. Heinlein

Comment Metrics - A lazy manager's out every time. (Score 3, Insightful) 315

Falling back to metrics is a lazy manager's way of proving to her superiors that her drones are operating at peak efficiency. The most lazy of all will rely on utterly meaningless metrics such as the number of help tickets closed per day, per individual per day, etc. A metric such as this is completely useless as all tickets don't require an equal amount of effort to complete. Diagnosing a problem due to an intermittent hardware issue doesn't take the same amount of effort as helping a user change their password. Unfortunately these types of issues generally comprise the vast majority of tickets generated and therefore often end up being the ones that are 'measured.' This often leads to a drop in morale and thereby negatively impacts performance; ironically the opposite of what the whole exercise is attempting to accomplish.

Trouble ticket data is primarily useful for detecting trends, thereby helping an IT team appropriately focus their human capital on issues that will enable their users to be more efficient. Going back to the password issue above, the speed and alacrity with which the IT staff help users change their passwords isn't a useful metric at all. A more meaningful metric would be the frequency of password change requests before and after the installation of a self-service password reset solution that was put in place in response to the analysis of help ticket data that showed that this was one of the most frequent issues and one that could be easily solved with little effort and financial expenditure. Measuring a sharp drop in password reset requests would show that the solution worked and was therefore beneficial to the organization by enabling users to help themselves, resulting in their having more time to concentrate on their primary tasks, and also by allowing IT staff to allocate their resources on issues that are less amenable to resolution via automation.

Unfortunately, in my experience, ticket systems get used to determine useless metrics such as the first example mentioned above, and therefore end up being the bane of IT staff, rather than a useful analytical tool.

Comment Surprisingly Poor Security Policy (Score 5, Insightful) 145

RSA should never have allowed systems containing anything related to SecurID beyond marketing data to be connected to a network with an Internet connection. SecurID development should have been restricted to a physically separate (air-gapped) network.

Why would I ever want to trust any security company who would make such a fundamental mistake?

Comment Re:How is this Slashdot news? (Score 1) 1855

It's not science or tech-oriented. If the decision threshold is merely whether or not an article could pertain to a 'nerd' why not post articles about knitting, beach fashion, proper cleansing before performing analingus, and all manner of other inane non-tech-related crap, with no editorial focus. This will speed Slashdot's decline into irrelevance as the editors post every bit of drivel that is submitted. IMO this is what has been happening to Slashdot over the last few years. Evidently our perspectives are different as we apparently have disparate histories when it comes to observing Slashdot.

Comment Re:Unclassified document (Score 1) 336

Yup. Check out this Wikipedia entry. The second paragraph is the most pertinent.

http://en.wikipedia.org/wiki/Classified_information_in_the_United_States#Proper_procedure_for_classifying_U.S._government_documents

Assuming the .pdf available on MSNBC's website is the entire document, there was no need to mark pages as "UNCLASSIFIED" as the document didn't contain mixed classified and unclassified information. However, documents discussing sensitive subjects are often marked "UNCLASSIFIED" to assure the reader that the document is indeed free of a need to be protected. To make things worse, each individual site's organization responsible for ensuring that information is properly protected disseminates its own interpretation of the rules. This 'guidance' often leads to confusion, unnecessary additional procedures or requirements, and improperly protected information. The perpetuation of this foobar situation is often due to the fact that most consumers of classified information don't actually take the time to read the actual, original, orders of their department's organization responsible for information protection. i.e. the original Dept. of Defense or Dept. of Energy order.

Recall the Los Alamos lost hard drives incident (http://articles.latimes.com/2000/jun/17/news/mn-41946). This debacle caused a huge knee-jerk response across the entire Department of Energy and its contractors. New interpretations of existing orders were co-mingled with new rules coming down from DOE that led to chaos. Believe me, it wasn't a very fun time to be a system administrator. Rules that were created to protect paper documents were being forcibly applied to computer hardware because of the political knee-jerk reaction from On High. Imagine being forced to put classification stickers on each side of an LTO or DLT tape AND its container. Now imagine what the stickers resulted in when said tapes were put into a library and its autoloader attempted to manipulate it. Arrggh. This is bringing up old, forgotten, nightmares. Excuse me, I need to go take a sedative now.

Comment Re:Unclassified document (Score 1) 336

Technically not a classification level, but is used for government documents that do not have a classification listed above. Such documents can sometimes be viewed by those without security clearance.

In the U.S., Unclassified is indeed a classification. It is a marking/classification stating that the information has no need of protection or release restrictions. If you are speaking as an individual familiar with document marking procedures of the Federal gov't, you have obviously forgotten your security training.

However, the point you are trying to make is very valid. The reporters at MSNBC to whom such a document would most likely be passed should be well aware that the document has no release restrictions, and their receipt of the document shouldn't be described as a "leak." This is surely another case of irresponsible journalism. The media needs an audience to make money, and inflating a story is standard procedure. Of course I wouldn't expect anything else from MSNBC; MSNBC is the liberal version of Fox. While they may not foam at the mouth or mix politics with news reporting to the same degree as Fox, MSNBC shouldn't be labeled as a news organization, but rather an editorializing organization.

Comment We did this with servers at a gov't lab (Score 1) 606

OK, so the OP asked about 1000 desktops, but I thought I'd say something anyway. Our server team decided to do this. It started out with a few in-house-built custom servers because we couldn't get what we wanted from Dell. We settled with Supermicro as our MB supplier as they hands-down have the best selection of server/workstation MB's, and are much quicker at including newer tech than the likes of HP, Dell, IBM, etc. As it came time to replace more and more servers I identified a vendor that would build our machines with the parts we wanted and burn them in. We kept a handle on the different types of motherboards we used as we were stocking spare parts, and had other support benefits. Plus, if we needed something from Supermicro or our server vendor they both were only 30-40 minutes away. I want to see Dell or HP provide that ;-). It was great.

Another benefit came from the fact that we worked in an area where classified work went on, and not having to escort Dell techs was also a plus. Of course we had actually stopped doing this years ago because it was almost impossible to get someone into the classified area in four hours, so we ended up changing our Dell purchases to four-hour parts only support; but I digress.

We also could consistently beat Dell pricing even for our Windows servers (due to an M$ enterprise agreement the lab had). Dell charges an arm and a leg for memory and hard drives, so this was generally where the big savings came from.

OK. The point is that what we did could be scaled up easily. All it takes is a team that knows what they are doing, doesn't go config-crazy and use every motherboard under the sun, etc. Identify what your users do and what their needs are, create your configs from this trying to keep as few as possible, create images as a vendor won't want to deal with install scripts, buy some spare parts, and you're done. Shampoo, rinse, repeat at whatever interval meets the requirements of your environment.

We actually tried to do this with our Linux desktops as our server team handled all the Linux support short of actual desktop/user-facing support. We got shut down because of the byzantine rule that all non-Apple desktops and laptops had to be Dell.

Comment Geezus guys, who gives a frak if it benefits M$?!! (Score 2, Insightful) 151

What the Russian gov't is doing to the political opposition is criminal. Odds are that M$'s motives aren't pure as I'm sure someone, if not the originator of the idea, knew M$ would get good PR in the West for their actions. If one grants that their ulterior motives are impure it only underscores the beauty of what M$ is doing: Giving the Russian gov't a dose of their own medicine. What M$ is doing is along the same lines as Russia in that they are both doing something that they know will get good PR in the West but with 'hidden' self-serving ulterior motives. Russia deserves a dose of its own medicine. Kudos to M$ for poking the Russian gov't in the eye, even if M$ gets some benefit from it!

To those who point out the possibility/fact that Russia will just find some other pretext to appear to be legally cracking down on the Oligarchy's enemies, this doesn't mean that simply rolling over and giving up because that could/will happen is the correct course of action. If the opposition does that, then Russia will just continue to be the frakked up entity it has been since at least the time of Kievan Rus'.
