This isn't exactly new. Theft of waste oil has been happening for years...

My thought, too...

Hey, might as well let the system do something else during off hours.

Mining Bitcoins would help pay for (at least part of) the whole setup.

XP is scheduled to go end of life in 2014. (See http://support.microsoft.com/lifecycle/search/default.aspx?alpha=Windows+XP) Corporate IT is going to have to start upgrading/replacing XP desktops over the next 3 years to Windows 7 (and maybe Windows 8). Win7's first service pack just issued a few weeks ago. So the whole "wait until the first service pack" crowd doesn't have an excuse anymore. (And we'll ignore Vista. It's best to ignore it. Do not speak it's name lest ye offend the computing gods.)

And at this point Windows 7 is probably a better OS that XP - although it does require beefier hardware and definitely more RAM.

So, yes, the majority of corporate systems are still on XP. But that is going to change over the next 2-3 years. Corp IT isn't going to have a choice, eventually, if they still want security updates/patches. And any IT department that ignores the lack of patches for XP after 2014 is utterly negligent. So time it's time to at least have a grand XP to Win7 upgrade/conversion on your radar, like it or not.

So IE9 (and IE10, etc...) might not be relevant for corp IT right now. But it will be. Don't ignore it.

If you're doing searches on Google that you wouldn't want your government to know about, then you should be taking some counter-measures (proxies, Tor, only using public locations that can't tie to you directly, etc.). Your paranoia on this should be a function of the repressiveness of your local government. So if you're in China, or Egypt, be very careful when you start searching on political issues...

In the USA, not so much as long as your searches aren't involving criminal or terrorist plots. Beck is taking that too far in the USA, despite the very strong ties between Google management and the Obama administration.

And this would apply to *ANY* search engine. Search engine companies can be forced to comply with local laws. Search accordingly. Protect thyself in anonymity when/if needed.

Having a Windows domain controller with centralized authentication is YES going to save your sanity, and your security.

1. Centralized authentication, so you as the IT guy can get on any machine no problem.
2. WSUS -- so you can actually get all your systems updated with MS updates, and keep them updated.
3. Login scripts and Group Policy -- so you can keep your other software updated. (And standardize settings. And make rolling out new computers MUCH faster.)
4. You'll then be able to get centralized/enterprise antivirus as well to keep your system properly safe.

If you have to update your software manually, and have more than 5 or so systems, you will NOT be keeping them up to date.

Yes, this costs more. Yes, this requires more upfront costs, time, effort, and learning.

This will also save your ass if you grow, as workgroups don't scale unless you have lots of cheap IT labor.

And it will save your ass from viruses/malware infecting your network.

In the long run, you'll spend a LOT less time maintaining a network of interconnected machines vs. "island" systems.

And don't host your web server locally unless you have a REALLY good reason. Hosted web sites are cheap commodities. Even if you need specialized software, you're probably better off with a hosted (maybe virtual) server. You're unlikely to have the huge and redundant bandwidth of a hosting provider.

And unless you need Exchange, Google Apps standard is an amazing bargain (free!).

And don't use laptops for users unless they're really needed. Laptops are much more likely to break or get stolen. Users do evil things to laptops. And they're slower and more expensive.

And avoid wireless keyboards/mice... Wired ones just work. Boring, but they work. Wireless ones quit, have dead batteries, and users can never figure out how to reconnect/pair them.

OK, we should untrust CCNIC...

Unfortunately, the ways posted so far are all manual. I'm an IT consultant and manage Windows/Linux networks for multiple companies. I need to be able to untrust CCNIC (and maybe Entrust.net as well...) for all computers on these networks.

Ideally, whatever script, group policy, etc. employed should:
1. check to see if CCNIC is trusted in Firefox, and if so, untrust it
2. check to see if CCNIC is trusted in the OS itself, and if so, untrust it.

And yes, this is a problem apparently on just about all OSes. I really just need a way to do this on Windows XP or greater and Ubuntu, although this problem seems to exist everywhere.

- Matt Borcherding

Porn (especially kiddie porn), torture videos, etc. (the really nasty stuff) etc. should be blocked in most businesses. If you don't, it's a sexual harassment lawsuit waiting to happen.

Yeah, I don't care that someone is jacking off to gay furry porn (if his office door is closed and locked...). But others might. And they might sue. And have a reasonable chance of success.

Warez sites and P2P networks actually fall into both the security and legal bins. And yes, these should be blocked, too. (These tend to be incredible bandwidth consumers to the detriment of all other users. The sites are often filled with viruses and malware. And your company is opening itself up to copyright infringement suits. Yes, you should block this stuff.)

So my take:
- Block malware and any other SECURITY threats
- Block any LEGAL threats

On the legal threats, you will probably need to talk with management or the company's lawyer to set what should be blocked or not.

Other than that, let them goof off a bit. It's good for morale. People need to vent a bit. (And if they're goofing off too much, reprimand or fire them!)

The list of antiviruses that are totally free for business is pretty slim. Most free antivirus programs are only free for personal usage.

Security Essentials isn't free for business, just home businesses. Sorry. I wish it was totally free. But most free AV isn't supposed to be used by home businesses either, so Microsoft is actually a bit more open than most AV companies. (Imagine that...) Security Essentials' license information here:
http://www.microsoft.com/security_Essentials/eula.aspx#mainNav

"You may install and use any number of copies of the software [MS Security Essentials] on your devices in your household for use by people who reside there or for use in your home-based small business."

ClamWin (which can't do realtime scans), Comodo, and PC Tools are all OK for any use (commercial or personal). Comodo is probably the best of the bunch, but it's very, very complex. It comes with Comodo's firewall -- which is very powerful but arcane. PC Tools' antivirus doesn't automatically update.

http://www.clamwin.com/
http://antivirus.comodo.com/
http://www.pctools.com/free-antivirus/

Spyware Terminator is completely free for any use and can use the ClamWin engine as a realtime antivirus. But I haven't tried it yet. This may be the best current option.
http://www.spywareterminator.com/
http://www.techmalaya.com/2008/05/10/clamav-real-time-scan/

Moon Secure AV is a realtime version of ClamAV, but it was pretty flaky the last time I tried it. Maybe it's better now? (Wikipedia notes that Moon is violating the GPL by not publishing its code. So take that into consideration, too.) If Moon worked well, it would probably be a great choice.
http://www.moonsecure.com/

On the ZIP front, I like IZArc better than 7zip. It's basically 7zip (it uses 7zip's code) with an interface more similar to WinZip. I think this makes it a better WinZip replacement.
http://www.izarc.org/

- Matthew Borcherding

I’ve coded a batch file to remove the Windows Presentation Foundation plugin (along with the accompanying Firefox .NET extension.)

My batch previously just removed the extension, but then I found out about this cruft as well.

This can then be easily added to a login script or such so you can remove it from multiple systems.

You can grab it from my blog here:
http://borchtech.blogspot.com/2009/10/updated-code-on-net-35-network.html

I hope this is useful to others...

And if you're using a Windows system (locked down and using SteadyState or DeepFreeze or something similar), you can then easily print statements and results, save them locally, etc.

You can't do that (well, easily) with a Linux LiveCD.

And yeah, this Windows system isn't useful except for those times you're banking, contacting ADP, or other high-risk online activities. But it doesn't need to be anything high-horsepower. Any 5 or 6 year old used/surplus system you picked up for $100 (or if you're an established business, any of your old systems) can handle this. Add a $20-30 kvm to your main system.

For an individual, this setup is expensive or technically challenging. For a business with at least a semi-decent IT department, it should be easy.

(But I'd still want to a *REAL* two factor password system to make it proper!)

Vista's big problems vs. Win7

1) Drivers. Driver model changed from XP to Vista. Lots of devices at Vista's beginning either didn't have drivers or had buggy/crappy drivers. Win7 uses Vista's driver model, so most Vista drivers will work on it. And since Vista has been "gold" for almost 3 years, drivers exist for most devices made in the last 4-5 years. (Past that, well, still good luck. If a device was really popular or the device/chipset manufacturer is good, maybe you have drivers.)

Note that this may changes a LOT if you go from 32-bit to 64-bit. 64-bit drivers may or may not work well on your system. My personal experience was with a Toshiba Satellite laptop. Utterly unstable BSOD city with 64-bit Win7, even with official drivers. Installed 32-bit instead and the system is rock solid stable. I'd rather be running 64-bit, but not if the system becomes unbootable within a day.

2) File copying. For me, pre-SP1 Vista was completely broken just for the file transfer issues. Transferring files to/from my corporate network took 20x (more?) that of XP. Completely unacceptable and a total deal breaker. (And I don't know how or why this critical bug ever escaped beta. Don't people at Microsoft actually transfer files on their networks???)

3) Performance. Vista was significantly slower than XP, and was pushed onto machines that were completely overwhelmed by this. Even more "hefty" systems struggled. The internal memos on this at Microsoft were classic. People bought $2000 laptops that were much slower than their 2 or 3 year old previous laptops. Vista performance stank. And RAM requirements were underplayed. XP runs fine with 512mb - 1gb of RAM (depending on your usage). Vista needs double that, but some of the original Vista systems had only 512mb.

Vista after SP1 (and some more updates) improved quite a bit on it's performance. Win7 is faster than Vista as well. OK, it's not as fast as XP. But the gulf between XP and Win7 is nowhere as vast as that between Win XP and Vista back in 2006-2007.

We're also 3 years along with Moore's law. Dual-cores are common. Some even have triple and quad cores. Graphics cards are much better as well. So average system power is much higher and more capable of shouldering additional computing burdens.

So Win7 should run well on most 2007+ systems (except for lower-end netbooks), especially if you up the ram to 2gb. Ram is dirt cheap these days, and almost all systems come with at least 1gb of ram. Even many consumer systems sell with 2gb or 3gb of ram.

I still wouldn't try to use it on anything other than really high-end "workstation" systems from pre-2006 (e.g., got a Dell Precision with dual socket Xeons?).

And if you bought a low-end early non-dual core Vista laptop -- sorry, just downgrade the system to XP. You got screwed.

4) UAC. Yes -- UAC sucks, especially if you need to do any real adminstration on a Vista system. I setup group policy on my corporate systems so that any administrator accounts had silent elevation, so UAC still ran but silently in the background. For home systems, sometimes I just turned the annoying bugger off.

It's easier to tone it down in Win7. At these levels, it doesn't pop up constantly, and probably is no more annoying than security prompts in OS X or having to sudo everywhere in Linux.

5) The UI.
And yes, I've been using Win7 on my laptop for a month. I'm still not completely happy with some of the UI changes vs. XP. (Vista of course had the same problem. Microsoft broke design conventions that existed since Windows 3.0 or so. Vista made items harder to reach -- requiring 5 clicks instead of 2 or 3. And so forth.) But the UI in Win7 is more polished and less annoying than Vista. I still miss the classic start menu, but I'm missing it less and less. And I couldn't live without the Quick Start bar. It can be somewhat easily faked in Win7. And no, pinning icons to the task bar is not the same -- they take up lots, lots more screen real estate.

6) Program compatibility.
We're better off here vs. 2006-2007. Most programs updated in the past 3 years and newer/updated versions run fine now on Vista. And if something runs fine on Vista, it is nearly guaranteed to work fine on Win7.

If you still have annoying legacy programs then yes, you'll still have problems. If you have the capabilities, test your older programs against Win7. Or run Win7's XP Mode and use that for legacy programs. Or even better, run a XP VM using VirtualBox -- higher performance and better system compatibility.

Overall:
So unless your Vista system was one of the early ones that had completely underwhelming horsepower (and you "upgraded" it to XP, right?), you should probably upgrade to Win7. But your 6-year old XP system? Stick with it or buy a new system with Win7 later.

If you're more conservative and you're not buying a new system, wait 3-4 months for Microsoft to update any inevitable bugs. And if you're really conservative (e.g. let's upgrade piles of corporate systems from Vista to Win7), wait a year or so until Win7 SP1.