We had a snow day on Monday… again!!! The song is Ya-yo-gak by Steve Vai.

In case you haven’t read my previous blog posts, we’ve been contending with some virus issues at my place of work. It turns out that our previous AV solution was pretty much garbage. After much research and discussion, we are going with a new product. It is shaping up to be the new best in the business. It took top honors for 2008. Edging out my personal favorite… Kaspersky. The personal edition is free and it is as good or better than Norton without the lag you get when Norton is running in the background. Check it out some time.
http://www.avira.com
Once I get my lesson prep completed for my upcoming classes, I’ll pull all the research info together into a more cohesive format than it currently is in and post it as a page here.
Cheers!

Years ago I used to love moving from place to place. It was easy then. Nearly everything I owned could be packed into my external frame backpack. As it progressed, I could fit everything into my vehicle. Then it happened. I reached a point where it was no longer simply a matter of loading the car and going. I had begun to collect some stuff. Books, tools, sheet music and gear of various types. I realized I needed to trim down some stuff. There was a fair bit of ’stuff’ that I just don’t need any longer. It serves more as a security blanket for that one moment where it will serve its grand purpose. This accumulation of stuff has me worn out though. I long for simplicity again. This is spawned each time we have moved. My wife and I have moved 5 times in our 12 years together. 6 times if you count the weekend I helped move her into my place. That is a story in and of its own involving a kitten, snow and an angry woman. The last 2 have been in the year since I departed the woodworking industry. The first of which was into a snug little apartment in what could be classed as ‘da hood’. We sold, relocated and gave away a lot of stuff to facilitate the fit into 850 or so square feet. It was a budget driven decision, so we worked hard to consider the infrequent periods of gunfire, neighbors being jumped by other neighbors, drug peddling children and occasional late night unannounced entries into our home as fringe benefits and sought to find ways to make it comfortable. This last move has been a step up though. The new place is not a new building. It’s a quiet neighborhood where gunfire is not considered a way to improve your standing with the local PD and the park across the street has a sign saying the park closes at dusk that folks actually adhere to. 
So I try to keep it all in perspective as I deal with the usual rounds of illness and the general way God has of allowing other things to creep into our plans as we relocate for what I pray to be one last time before we reach retirement age. Because quite frankly, I have reached the point where moving sucks.

Remember the old saying, you get what you pay for? Sometimes you get less. Last fall there was a worm that came around called Vundo. Aggravating little bugger. It would not have been a big deal except our antivirus couldn’t stop it. My team mate and I successfully trapped and identified a variant of the Vundo worm (mostly him, I was only watching the network traffic). We sent it to the developer of our AV suite only to have them take at least two weeks to release the signature. I think it was longer but we are still pulling all the log and email data together to substantiate this. At any rate, if you’ve been reading along, we now have picked up Conficker. It’s a gem too! [insert the smell of sarcasm here] Our AV package was not picking it up either. It started grabbing Conficker.B on Monday afternoon. I first saw Conficker.J last week. Ironically, it was recognized by our AV software but unable to be removed. Enter Conficker.C – the devil may care strain. It loves AV packages. It loves them so much it shuts them down. Or at least it tries to anyway. Yesterday it tried more than 1400 times to shut down my Kaspersky installation in about 50 minutes. Oh yes, I forgot to mention, I don’t use our network’s package on my own machine right now. As soon as it was clear they weren’t going to be any faster with the Conf sigs than they were with Vundo, I removed it from my own machine and installed the wonderful 30 day trial of Kaspersky (enabling the data and collection share features). Both of my machines have been clean as a whistle since. At any rate, Kaspersky has stood well. Now if I could just get their sales folks to contact my boss with a quote…
… I did get an email forwarded to me from one of the techs at the NOC of the offensive antiviral suite via my boss. It was a request for us to send them securely packaged copies of the 2 strains their software was not stopping. Okay. NOT! I’ll do it if the boss tells me to. She actually asked me what I thought. I told her that if we were going to do that, I wanted to start receiving a royalty check. She agreed and we left it at that.

Either AVG is garbage when it comes to removal or I witnessed one of Conficker’s defense mechanisms today. I found 2 registry keys and a phantom folder for AVG8. Except I am pretty sure AVG was not installed on at least 2 of the machines I saw this on. This will be interesting as our team continues to work on this little beast. I think I have a grasp on how it’s scanning but I am not certain quite yet. Its HTTP sources appear to be neat little random names that are comprised of a couple of characters and a number. One sample showed it coming through 9 times under one name and then 2 others once it got a toehold on the local machine. ALJ1 through ALJ9 as the domain. I am going to look at some of the other log files from today once I get in tomorrow. I think I have an idea how we can stomp out the source machines. We’ll have to see if I have time to test the theory tomorrow. I am currently in hot water for giving our current AV solution the file 13 treatment to protect some mission critical machines today. Sometimes it is better to beg for forgiveness than ask for permission. This is the first time I feel that statement is justified. We’ll see how tomorrow goes though.
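The pattern described above (requests to hostnames that are just a couple of letters and a number, with one machine hammering the same name over and over) is easy to pull out of a web proxy log with a short script. The following is an added example, not code from the original post or from any AV vendor: the log line layout (timestamp, client IP, requested host, path), the hostname regex bounds and the hit threshold are all assumptions, and the sample log lines are constructed to mimic what the post describes.

```python
"""Flag internal clients that keep requesting hosts that look like <letters><number>.

Added example, not from the original post. The log layout, the hostname heuristic
and the hit threshold are assumptions; SAMPLE_LOG is constructed, not captured data.
"""
import re
from collections import Counter, defaultdict

# Assumed log layout: "<timestamp> <client-ip> <requested-host> <path>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<host>[^\s/]+)\s*(?P<path>\S*)$"
)

# Heuristic for the names the post describes (ALJ1 .. ALJ9): 2-4 letters then 1-2 digits,
# no dots, so a real FQDN such as www.microsoft.com never matches. Bounds are an assumption.
SUSPECT_HOST_RE = re.compile(r"^[A-Za-z]{2,4}\d{1,2}$")


def parse_line(line):
    """Return (timestamp, client, host) or None when the line does not fit the layout."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return m.group("ts"), m.group("client"), m.group("host")


def is_suspect_host(host):
    return SUSPECT_HOST_RE.match(host) is not None


def suspect_hits_by_client(lines):
    """Map client IP -> Counter of the suspect hostnames that client requested."""
    hits = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines instead of dying halfway through a log
        _, client, host = parsed
        if is_suspect_host(host):
            hits[client][host] += 1
    return hits


def find_source_machines(lines, min_hits=5):
    """Clients whose total suspect-host requests reach min_hits (threshold is an assumption)."""
    return {
        client: dict(counter)
        for client, counter in suspect_hits_by_client(lines).items()
        if sum(counter.values()) >= min_hits
    }


# Constructed sample: one client hits ALJ1 nine times and then two other short names,
# a second client has a couple of hits, a third is doing ordinary browsing.
SAMPLE_LOG = (
    [f"2009-02-03T08:0{i}:00 10.1.1.23 ALJ1 /" for i in range(9)]
    + [
        "2009-02-03T08:09:00 10.1.1.23 RQ7 /",
        "2009-02-03T08:09:30 10.1.1.23 KX22 /x",
        "2009-02-03T08:10:00 10.1.1.40 ALJ3 /",
        "2009-02-03T08:11:00 10.1.1.40 ALJ3 /",
        "2009-02-03T08:12:00 10.1.1.9 www.microsoft.com /download",
        "2009-02-03T08:12:05 10.1.1.9 intranet /home",
        "garbage line that does not parse",
    ]
)

if __name__ == "__main__":
    for client, hosts in find_source_machines(SAMPLE_LOG).items():
        print(client, hosts)
```

Run against the constructed sample it reports only 10.1.1.23 at the default threshold; lowering `min_hits` to 2 also surfaces 10.1.1.40. Point it at a real proxy export by replacing `SAMPLE_LOG` with the file's lines, and tune `SUSPECT_HOST_RE` to whatever names actually show up in your logs rather than trusting the guessed bounds here.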

The day began simply enough. I rolled out of bed a little bit early. It was just before 5am so I turned my alarm off to give my wife that rare morning of me not smashing my snooze button 5 times before I actually drag my overweight frame from our bed. With the jewel of snow that the recent storm had brought to our area, I had one last morning of a 2 hour delay for the start time of work. That meant I had 5 hours before I had to be there. With the recent worm that reared its beautifully fashioned self at work, I knew I had a full day ahead of me regardless of what the official bulletin said on the website and the byline scrolling under the nauseatingly chipper newscaster indicated. I spent a little while just surfing and catching up with the goings on of other folks via Facebook. I was amused at just how many people were regular about posting their status. They may not take time to call. I may not have even seen some of them in years. I could rely on them updating their status regularly though. I imagined how funny it would be to have them scrolling like the passenger messages I once saw on a lighted message board at Stapleton International Airport during a layover many years ago.
I noticed that it was getting around 6am and thought more about that virus. It’s a beautiful piece of work. I had caught it in action last night before I left my office. I saw the telltale hesitation as Windows strained against something when I clicked my email reader. With my Network Admin Spidey Sense tingling, I immediately opened an instance of Wireshark. I let it run for just over 10 minutes capturing the transmissions of data like a helicopter pilot hanging a microphone over a New York street. I scanned through the data letting my mind slip into that Mentat trance that allows me to quickly differentiate between streams, broadcasts and the hen like babble of the various services advertising whose IP they had and what they wanted just like a bunch of budget conscious bargain shoppers flitting about Craig’s List.
There it was. Small blocks at first. Then, just like a bean sprout it shot up and unfurled its leaves. The growth was astonishing. This thing was done creating its nursery allowing it to replicate and had begun to create its smoke screen in an attempt to call home and download some tools to try and crack my password or the details of any other account it could glean from my system. Maybe attempt is a poor description, since it was successful. Within seconds my bargain bin anti virus suddenly proclaimed with its bright red window, “Virus Found!”
Duh.
I am not fond of the package we use. It’s what we have to work with though so I cringe as I click the Okay button telling it to make its lame attempt to squash this virtual beasty that has spawned within my machine. I then proceed to run the tool from Microsoft that really removes it. As the tool runs I return to scanning through the data, searching for the seed that it sprang from. Our systems are so compromised though that I find 4 possible sources in less than a minute. Two of them are machines that shouldn’t even be on. Gotta love the human factor. I then am able to trace it down further. There it is. Coming from the machine at the next desk. I laugh to myself as I save the data for review this morning. It then occurs to me I should probably head in early. I could only imagine the response the Director of Technology was going to have after having had a full night to read the two articles I had linked to her during the previous afternoon.
I hopped into the shower and took my time, letting the hot water course down my back and race into the drain. I was thinking back to the many years I spent in woodworking busting my tail pulling 12-14 hour days in the name of getting a project done well and on time. As I get older, I find it harder to commit myself to those kinds of hours. Years of conditioning usually kick in though and I am sucked in. Today is no exception. My mind wanders to the many hours I spent working after the rest of the plant had gone home. Either in my office or at my desk in the back bedroom of our home in Colorado. I was eager to learn the syntax behind what made our CNC machines tick. I wanted to expedite my drawing time so I could spend more time polishing the quality of my product to the men and women who were building the projects I was interpreting. I met a man via an on-line forum named Randall Rath. We had talked in private, via chat rooms and in his forums, the now defunct VBDesign.com, about the art of coding. I struggled with it a lot. The man was a master. His doctorate is in automation and computer science as I recall. He pushed me harder and harder to write clean and clear code. To make what I was writing count. At first I found it to be odd that a man I had never met face to face was so interested in my succeeding. Then one night, while we were having one of our drunken chat sessions, his Wodka must’ve relaxed his guard more than he expected. He came clean with me and told me about his youth working in a woodworking shop while he was in college. We traded stories about the challenges of running compound radius mouldings through a shaper with nothing more than a few steel pins and our resolve to keep the piece on track. He loved woodworking but not as much as he loved computers and automation. After that I never questioned him when he pushed me harder to write better code. Most of what I know now isn’t good for much outside of making my life easy from time to time. 
I still think about him occasionally though.
You are probably asking yourself right now, “what does this have to do with the virus worm thingy Jim? Is this another of our tangents?”
I tell you resoundingly, “this is not a tangent.” This last year has opened up my eyes to a lot of things I previously only speculated about with computers. That coupled with my past experience has me in awe of the people who wrote this virus. The methods it uses to propagate. The means that it draws upon to adapt and protect itself. It even patches a memory vulnerability to protect itself from other malware that may reside on the system! I have spent hours in the trenches. Crawling through thousands of lines of code. Searching. Rearranging. Re-writing and re-working it until it hums and sings. Optimizing it so it will fit within the smallest space possible and bring about the greatest results. This worm is doing its job. Extremely well. I admire the skill of the people who wrote it. It’s beautiful. It’s intricate. By the time we’re through with it, I’ll know how it works and we will stop it.
As I am wandering in my reverie, my wife surprises me by sticking her head in and asking how many framed eggs I’d like to have. She makes the best. I look at her wearily, dragging myself back from my memory scape. She smiles and says, “I’ll make you two” and drops the curtain heading back to the kitchen. After I eat my breakfast I sit on the edge of the couch and start to put my shoes on. My cell phone is playing the merengue tune I selected for the ring tone. It’s my boss. She wants to know if I’ll come in a little early and get a jump on this latest virus. I smile and tell her, “funny you called… I was just putting my shoes on to leave.”

Today is the one year anniversary date of my beginning classes for my IT certifications. As such, it only seems fitting that it also be the day that the nastiest self replicating worm I have ever seen infests the network that I am partially responsible for protecting. Given the status of the network when I began working there, this has been no easy task. Yet we will endeavor to persevere. As an FYI for home users, you are not very exposed to this unless you transport data to and from work via thumb drive. Either way, here are a few links to whet your curiosity and help you determine if you acquired this beauty. Should you discover you have it, there is also a link to a brief bit so you can be the hero to your IT guy should he be pulling his hair out (if he has any left after trying to stop this thing).
The basic info: http://blogs.technet.com/mmpc/archive/2009/01/13/msrt-released-today-addressing-conficker-and-banload.aspx
More detailed info: http://blogs.technet.com/rhalbheer/archive/2009/01/13/additional-information-on-conficker-msrt-removing-conficker.aspx
The big hammer: http://web2.minasi.com/forum/topic.asp?TOPIC_ID=29841
Cheers!

Moving all of my LJ posts over was a lot easier than my family’s upcoming move is going to be. Nice.
I like the features with WP much better than LJ. It’ll take me a little while to clean everything up but I think it’ll be a lot easier to blog.

Yeah. I know… you haven’t written in your blog for a while. Well here it is. I am back.
It was difficult to motivate myself to do so when I had echoes of drama dancing through my head. As much as I enjoyed this process, the weight of someone taking my writing out of context and trying to make it a criticism of themselves really was more than I wanted to deal with. I’ve moved on from that and have decided moving forward that if you don’t like what I have to say, stop reading and for goodness sake… DO NOT MESSAGE OR EMAIL ME with your disapproval or self focused drama. I will ignore you at first and if your attempts become too annoying… I will remove you from my lists and block you. This blog is supposed to be about me. A way to share my thoughts and feelings as I make this journey. Treat it as such or stop reading it. Enough about that.
This all began because I lost my job. More than 20 years doing something that I loved. Carpentry and Woodworking, but mostly the Woodworking. I was slapped in the face with an offer that wouldn’t allow me to support my family. So I was faced with a choice. An opportunity to take a step up or at least make a lateral move. I opted to take a chance on making a step up and secured a student loan. Then I began classes, as you all know from reading thus far. I entertained the idea of catching you up with a synopsis of what took place over the last few months and managed to distill it down to the following short list of events. If I were to expound much more, knowing myself, I would get bogged down with it and fall further behind than I already am on my studies.
So yesterday, I get all of the leg work done for the job with my school mate and head off to my interview with the guy who called early yesterday. The interview goes great! As he’s leaving he says he needs to talk to his supervisor about how much he’s empowered to offer me. He’ll get back to me that evening. As I am sitting there checking my email after I get home from leading/teaching a Network+ study group at school, my heart sinks. There’s nothing in my in box. So I sit there and watch TV for a few minutes while I chat with my wife about the events of the day. As the commercial comes on, I turn to my computer to shut down for the night. Out of habit I clicked my send/receive button one last time before I close out my email reader.
OMG!!! No way. As I am sitting there telling my wife that I still haven’t heard from the guy… there it is. There’s an email from him in my box. I open it nervously and begin to read. When he had left, he made it sound like I may not get the best of offers. It’s everything he said and more! So now I am faced with the choice. This is it. This is a full time permanent position that will officially move me out of the woodworking industry and into IT. Not a contract or short term job. Full time direct hire. It’s right up my alley too. It’s field tech with a chance to grow.
So I slept last night better than I’ve slept since I was first let go from my old job. I prayed about it last night and then asked the Big Guy again… is this it? I still feel good about it so let’s give it a go.
I just emailed a signed copy of my acceptance to him this afternoon. I start work tomorrow. w00t!!

I have been sleeping a lot lately. It has been suggested that my many years of 70+ hour weeks may have caught up with me and my body is trying to get some sleep time back in the bank. It'd take several years of 12 hours a night to completely catch up on my sleep though so I'm not going to get too excited about it. I will be working more on my health though. I have had a few episodes lately that have my wife worried that I am going to have a heart attack or stroke. It is this that leads me to believe that is where my problem lies. I need to start moving around more without a doubt. The sedentary life I have evolved into is conducive to the poor health I am experiencing, from both the things I have read and my own personal experience. I was at my healthiest, ironically enough, when I was working 55 hr weeks in the shop and spending my free time hiking and climbing. My wife has been giving me a hard time about the fact that I have not been on a major hike since before our youngest was born. Coincidentally, that time period is when I have gained all of this weight. I quit smoking so there's my start. This week I gave up carbonated drinks. Dr. Oz says that will help too. Now my next step is to get out more. I think I'll start by walking to the Pack Leaders meeting at the church tonight. I have been named the new assistant Cub Master for our pack. Since our youngest will be getting into Scouting next year, I will have a good 4 or 5 years in the role of Cub Master after our current one steps down at the next Blue & Gold.
In other news, I am still not confident I am ready for the 70-270 exam. My scores are not so good. Mostly because I am not getting in the study and application time I'd like to. I need to work on those as well. I have 2 1/2 weeks left to attain my MCP with this latest exam path. I will do this.