Tag Archives: software

Sophos Deployment

Last month we began the campus rollout of Sophos Anti-virus, which is replacing the Symantec package we have been using for the past several years. We have deployed this anti-virus solution to many Windows based systems across campus. At this point we will continue the deployment to all faculty and staff Windows and Macintosh computers.

For Windows systems this will be delivered across our network using the same mechanism that manages our Windows workstations. To facilitate this deployment we need to ask that all Windows systems be turned off on Friday nights and powered back up on Monday mornings for the next several weekends. The install packages will be pushed across the network when the system is powered back on Monday morning starting March 19th.

If you should need your system over the weekend and you are off campus there will be no impact to this update. It will resume on Monday as scheduled. If you need your computer and are connected to the campus network (other than through the VPN) you will receive the update when you power your computer on.

For the deployment of Sophos to Macintosh computers we will be leveraging a utility called Casper. Casper will allow us to seamlessly remove Symantec and install Sophos. To ensure that Sophos will be successfully installed on your Macintosh system, please install Casper prior to March 16th. For instructions on obtaining Casper please see the Casper installation page at http://go/getcasper. Please note that Casper is licensed for Middlebury-owned systems only.

For information on Sophos please see the FAQ at http://go/sophos. This will answer many questions you may have and should address any issues you may encounter. Prior to the date your system is scheduled for the Sophos install please do the following:

  • Complete any software installs you may have pending, including any Windows Updates.
  • For Macintosh computers, confirm that you have the Self Service application installed in the Application Utility
  • Disable any additional firewalls you may have added beyond the operating system specific firewall. Please note, this is not referring to anti-virus such as Symantec but rather products such as SonicWall.
  • Shut down your system the Friday before the install so that it receives the scheduled install when it powers up on Monday morning.
  • Shut down your system on Monday night (after the scheduled install has occurred).

For faculty and staff who wish to install Sophos on one of their own personal systems, Middlebury is licensed for one copy per employee for home use. To download a copy for your home system please visit the Sophos FAQ at http://go/sophos .

For additional information please see http://go/sophos

 

 

Supported Web Browsers

For an updated list of currently supported browsers, see the Web Application Development website.

I was asked by a member of the LIS Website Team to update a post from two years ago on supported web browsers for our site. In general our guideline for supporting a browser is to keep support for it for as long as the browser’s manufacturer is supporting it. This means we will try our best to resolve issues with any browser that you can readily download from a manufacturer’s site, except for beta and pre-release versions.

These guidelines apply only to services supported by the Web Application Development workgroup. Other workgroups may have their own guidelines, for example Internet Explorer 7 and 8 are the only supported browsers for Internet Native Banner and Hyperion users.

These are the versions we support at the time of this post (alphabetically):

With the exception of Internet Explorer, each of these browsers have both Mac and PC versions.

I’m using internet explorer, which version should I use?

Most of the site’s features and visuals are the same in IE 7 and IE 8, but IE 8 does have a better rendering engine and will be able to support more features going forward. IE 8 also loads pages faster and processes JavaScript faster because any time a script tries to access an element on a page in IE 7 it has to scan the entire page. IE 8 stops scanning the page after it finds what it’s looking for. As a result, IE 7 users have fewer stories available to them on our homepage because the browser isn’t fast enough to process them all, so we randomly cut some out.

Users of Internet Native Banner and Hyperion should stay on IE 7 or IE 8, since those are the versions of Internet Explorer supported for use with INB and Hyperion.

If that doesn’t apply to you, IE 9 has some interesting features, but is only available on Windows 7. The most important is that it supports HTML5 elements, including the audio and video tags. IE 9 users are able to play these elements on our site using their browser’s built-in media player while IE 7 and IE 8 users will see a Flash-based player instead. I’m working on rolling out more HTML5 features on our site like form validation, date pickers, local storage, and location services that will make the site a bit faster and slicker for people using browsers that support these features.

What about older versions of other browsers?

Security updates for Firefox, Chrome and Safari are only released for the latest version, so I recommend that you turn on automatic updates for these browsers.

The Mozilla Foundation makes available all older versions of the Firefox browser, but after a certain time stops applying security and stability updates to the browser. For instance, this is scheduled to happen to Firefox 3.6 on April 24, 2012.

Is there a different list of supported browsers for editing www.middlebury.edu?

No. The only difference is that Internet Explorer and Firefox 3.6 users can only upload one file to the site at a time. Other users can select multiple files and upload them as a batch, which saves a bit of time. Firefox 3.6 users should update to the latest version of Firefox. The feature is currently not available in any version of Internet Explorer, but will be added to Internet Explorer 10 when that browser is released.

What about beta and pre-release browser versions?

You’re welcome to use these, and they may work, but we will not respond to bug reports about site functionality not working in a beta version of a browser. These are often caused by issues with the browser that are addressed before its final version is released and third-party systems like WordPress and Drupal will often release their own fixes to these issues when the final version of a browser is released. It’s not efficient for us to spend time addressing these issues as well.

I’m using one of the supported versions, but there’s an issue. What can I do?

You can email the Helpdesk, call the Helpdesk at x2200, or submit the Web Feedback form and we’ll get in touch with you via email.

What are the stats on browser usage of the Middlebury website?

Browser All Internal External
Safari 34.12% 36.69% 32.36%
Firefox 23.62% 25.18% 22.53%
Internet Explorer 22.92% 19.85% 25.04%
Chrome 17.31% 17.58% 17.11%

The Android Browser, Opera, IE with Chrome Frame, Opera Mini, and the BlackBerry8530 browser account for under 1% of our site visits. Of the people using Internet Explorer, here’s how many are using each version. If you’re one of the 1.14% of internal users still on Internet Explorer 6, please contact our Helpdesk.

Browser All Internal External
Internet Explorer 6 1.26% 1.14% 1.33%
Internet Explorer 7 21.21% 36.42% 12.86%
Internet Explorer 8 56.45% 57.29% 55.99%
Internet Explorer 9 21.07% 5.15% 29.81%

If I haven’t answered your question here, leave a comment.

Sophos deployment continues

Last week we began the campus rollout of Sophos Anti-virus; which is replacing the Symantec package we have been using for the past several years. Last week we deployed Sophos to systems which are currently running Windows 7.  This week we will be deploying Sophos to Staff systems have yet to be upgraded. This will be delivered across our network using the same mechanism that manages our Windows workstations. To facilitate this deployment we need to ask that all Windows systems be turned off on Friday nights and powered back up on Monday mornings for the next several weekends. The install packages will be pushed across the network according to the following schedule:

  • February 19th: Windows7 systems
  • February 26th: Remaining  Staff workstations
  • March 4th: Remaining Faculty workstations and computers that have not been addressed in prior groups.

If you should need your system over the weekend and you are off campus there will be no impact to this update. It will resume on Monday as scheduled. If you need your computer and are connected to the campus network (other than through the VPN) you will receive the update when you power your computer on.

For information on Sophos please see the FAQ at http://go/sophos. This will answer many questions you may have and should address any issues you may encounter. Prior to the date your system is scheduled for the Sophos install please do the following:

  • Complete any software installs you may have pending, including any Windows Updates.
  • Disable any additional firewalls you may have added beyond the Windows Firewall. Please note, this is not referring to Anti-virus such as Symantec but rather products such as SonicWall.
  • Shut down your system the Friday before the install so that receives the scheduled install when it powers up on Monday morning.
  • Shut down your system on Monday night (after the scheduled install has occurred).

For additional information please see http://go/sophos

Sophos Anti-Virus for Windows Campus Roll-out

Next week will begin the campus wide release of Sophos Anti-virus for Windows. This will be delivered across our network using the same mechanism that manages our Windows workstations. To facilitate this deployment we need to ask that all Windows systems be turned off on Friday nights and powered back up on Monday mornings for the next several weekends. The install packages will be pushed across the network according to the following schedule:

  • February 19th: Windows7 systems
  • February 26th: Remaining  Staff workstations
  • March 4th: Remaining Faculty workstations and computers that have not been addressed in prior groups.

For information on Sophos please see the FAQ at http://go/sophos. This will answer many questions you may have and will address many issues you may encounter. Prior to the date your system is scheduled for the Sophos install please do the following:

  • Complete any software installs you may have pending, including any Windows.
  • Disable any additional firewalls you may have added beyond the Windows Firewall. Please note, this is not referring to Anti-virus such as Symantec but rather products such as SonicWall.
  • Shut your system down the Friday before the install so that it powers up the Monday morning of the scheduled install. If you power your system up over the weekend the install will start at that time.
  • Shut your system down the Monday night after the install.

For additional information please see http://go/sophos

 

Sophos Client Available for LIS Test

Dear LIS Colleagues:

As posted in the blog earlier this week. We are asking LIS to help us with a test of the Sophos deployment. Endpoint Protection Product. If each Windows user in LIS would please run the executable at the following link it will install the Sophos client onto your Windows system. It will also remove the Symantec anti-virus client from your system. There are some things you should be aware of in this process:

  • When Windows detects the uninstall of Symantec and that you have no anti-virus it will give you a warning. You should ignore this as you are in the process of installing a new package.
  • During the install process Windows Defender, if you have it running, may be disabled. If this occurs Windows will give you a warning. Please ignore this warning.
  • While you are at a state with no anti-virus Windows may offer you a link to install a new Anti-virus. These may also be ignored as you are in the process of installing Sophos.
  • The removal process for Symantec has been seen to take a protracted amount of time on some computers. You need to be patient. It is unusual but 10 minutes is a reasonable amount of time to allow for an install of this package. During this process some systems may stop responding at times.
  • When Sophos has been installed the Gold shield of Symantec will have been replaced with a blue and white shield of Sophos .

For additional information on Sophos check out the FAQ at http://go/itsecurity.

Please click here for the Sophos install package for LIS Windows Users: http://whitetail.middlebury.edu/SohopsUpdate/SophosLIS.exe

Sincerely,

Ian Burke

infosec@middlebury.edu

x5368

Sophos test planned for LIS this week

Dear LIS Colleagues,

This Thursday and Friday we will have representatives from Sophos here on site. They will be helping us to develop a deployment package for the client component of the Sophos Endpoint Protection product which we are using to replace Symantec Anti-Virus. As we complete the development of this deployment package and have tested it thoroughly, we will be initiating a test across the systems in LIS to ensure that the package works on a larger group of systems and also to start a larger test of the client here at Middlebury.

Later this week you will receive a second communication about this test effort and it will also include information about how you can help us to assess the impact of the client on your system and also the install process. For additional information about Sophos please see the FAQ  at http://GO/ITSECURITY. Also, feel free to contact LIS Security at infosec@middlebury.edu or contact Ian Burke at ext. 5368. Thank you for your help and understanding with this process.

Sincerely,

Ian Burke

LIS Network Security Administrator

Sophos Project Timeline

Dear Middlebury Colleagues:

To offer some additional information on the Sophos roll-out the following timeline has been proposed and will be followed by the LIS deployment team for this
project.

  • Email will be converted to the Sophos solution the weekend of January 22, 2012
  • Testing will be conducted on individual systems through the month of January
  • Sophos engineers will be on site to help with a larger test group across LIS and to build a deployment agent on January 25 and 26th
  • Server deployment and will be conducted on test servers and production servers through the month of January and February
  • A second desktop test group will be identified and targeted for the end of January and beginning of February
  • Based on the conclusion of two successful tests deployment will continue to the remainder of the campus in February

If you are interested in being a part of one of the test groups, please contact LIS Information Security at infosec@middlebury.edu. If you would Iike more information about Sophos please check the Infosec web site at go\itsecurity or contact LIS Information Security.

Sincerely,

Ian Burke

LIS-IT Security Administrator

LIS Replacing Symantec Anti-Virus with Sophos

Dear Middlebury Colleagues:

LIS is in the process of transitioning away from the Symantec anti-virus solution. We will start using Sophos Endpoint Protection to protect ourselves against viruses and malware. This is a product that has wide acceptance in Europe and is rapidly growing in  higher education and medium-sized businesses in the United States.

Sophos will initially mirror much of what Symantec offered with more thorough coverage of malware, web threats and other malicious content. We will also be offering Sophos to those students that are interested. Sophos Endpoint protection also offers an additional collection of features, such as data classification, device control, mobile device management, and patch monitoring, and we may start using those new features in the future.

Over the next month LIS will be testing installation with subsets of the campus, with a plan to then begin a campus-wide deployment in February. As we move forward additional information will be provided to the campus community. Please feel free to contact LIS Security (iburke@middlebury.edu/ x5368) with any questions.

For additional information see: https://sites.middlebury.edu/lis/2012/01/17/sophos-project-timeline/

Sincerely,
Ian Burke
LIS Network Security Administrator
x5386
iburke@middlebury.edu