IT always cautions users to never upgrade your operating system until you do the following:
Ensure you have a full backup of your system just in case you need to roll back
Ensure all your current versions of software and peripherals are compatible with the new operating system, see https://roaringapps.com/ for compatibility tables
For Operations Mac users, IT blocked the upgrade to High Sierra due to incompatibilities with Office 2011, Office 2016 (v15.34 and below), Spirion (formerly known as Identity Finder) and Sophos. IT has now confirmed that Office 2016 v15.35 and higher, Spirion and Sophos are now compatible with macOS High Sierra. IT has now:
Allowed the installation of macOS High Sierra to be installed on all systems with Office 2016 version 15.35 and higher
Has blocked macOS High Sierra to be installed on systems with Office 2011
IT recommends that users of systems running compatible versions of these applications upgrade to High Sierra. If, following the upgrade, an application is not behaving as expected, users should reinstall the affected application and repeat the testing. While a reinstall of the your software should usually address the issue, problems may persist. If this does not resolve the problem, please open a help ticket via the link below.
This project was possible because IT identified affected systems with BigFix and Casper. To get BigFix for your computer, please visit software.lbl.gov.
Related News
MacKeeper is a well-known utility suite for macOS, which is typically installed by users looking to improve the performance of their system. MacKeeper is known to use aggressive marketing techniques, and has a very poor track record in terms of security, and in its ability to perform as advertised. Further, MacKeeper has been known to destabilize a Mac, undermining its stated purpose.
MacKeeper is increasingly seen as malware because of its pervasive pop up ads and can even be considered spyware. Sophos reported Mackeeper as 2017's most prolific potentially unwanted program on the Mac. Most alarmingly, Mackeeper has a very poor record on security. For example:
In 2015 MacKeeper had a major security breach of its customer accounts
Also in 2015, MacKeeper had a major security flaw which gave attackers full access to control a user’s Mac
With the help of BigFix, we have identified users with MacKeeper on their systems. We will be reaching out to those Lab employees to let them know that we wish to remove MacKeeper from their systems for security reasons. Communication will occur prior to any action.
If you have any questions. please feel free to contact IT at [email protected] or click on the link below.
This project was possible because IT identified affected systems with BigFix. To get BigFix for your computer, please visit software.lbl.gov.
Related news
- Improved dashboard with collapsible sidebar
- Search with new filters
- Responsive tables
- Batched notifications
- Copy and delete page hierarchies
- Resolve permission roadblocks faster
- Easier access to your work in progress
- Unpublished changes reminder
- Improved page history
- See email notifications in one thread or conversation
- Attachment indexing performance improvements
Do you want to:
Increase your computer security, and reduce the effort needed to keep it that way?
Inventory and report potential computer software and hardware issues?
Help find and track your computer assets?
BigFix can help! In fact, Berkeley Lab IT has BigFix deployed on over 4000 Windows, Mac, and Linux systems across the Lab. We recommend that all employees install BigFix on all desktop and laptop systems at the Lab. To get started now, install BigFix from software.lbl.gov.
The single most important thing you can do to protect your system is to keep the operating system and all applications up to date with the latest patches. Hackers target computers running obsolete operating systems and applications, which have well-known and easily-attacked vulnerabilities. For example, if you are running an older web browser, email program, image viewer, instant messaging, or even media player, your system is susceptible to infection with no action on your part other than viewing a malicious site. By installing BigFix, you can be sure that your system will always be running the latest version of the operating system and the most commonly compromised applications. For more information, see Patch Management Services.
BigFix is also used to detect and report on common issues with your system, including low disk space, vulnerable programs, and even failing hard drives. IT User Support can then proactively help you address these problems before disaster strikes! For example,
In October 2017, the popular system utility CCleaner was hacked, and malware was embedded into the newest updates. We were able to identify who had CCleaner installed, notify users of the vulnerability, and help them clean up their systems. For details, see CCleaner Hacked.
In October 2017 Microsoft released a Windows patch that could cause a computer to fail boot. IT User Support was able to identify these systems and worked with the users to ensure that reboots were done in a way that wouldn’t impact their work.
BigFix is also being used in the Lab’s current Wall-to-Wall inventory campaign! Any DOE-barcoded system running BigFix and on the LBL network can be automatically checked in to SunFlower, saving your property rep from having to manually scan the barcode. This pilot program is currently under development by the IT and CFO divisions.
For these and many other reasons, we encourage you to install BigFix on your computer systems. BigFix is available from software.lbl.gov.
If you want further information regarding BigFix or need help installing BigFix, enter a help ticket by clicking on the Request Help link below.
Problem
As reported yesterday, there's a major security flaw in Apple's newest operating system, High Sierra. The bug allows anyone to gain complete administrative access to the computer when using “root” as the username with a blank password. Berkeley Lab's Cybersecurity team has released this information, Apple OSX High Sierra 10.13 authentication bug.
Solution
Apple has released an updated labeled Security Update 2017-001, https://support.apple.com/en-us/HT208315. Ensure you install the update.
BigFix Deployed Apple Update
As of this 11/30/2017 AM, we had some users who had not installed the Apple security update. BigFix discovered these systems and installed the update automatically.
Cyber Security recently changed Berkeley Lab Identity password requirements. The changes included:
- Your passphrase must be at least 14 characters
- Your passphrase must pass a strength check that disallows repeated / sequential characters, keyboard patterns, and other trivial passwords
- Your passphrase must be changed every 12 months, rather than 6 months
For more information see Password Requirements - 2017 Update.
Problem
Microsoft recently announced that Windows devices may fail to boot after installing Windows 10 Updates that were released on October 10 2017. This is the result of a problem on Microsoft's end in publishing the updates with IDs KB4041676 and KB4041691. Microsoft has since revoked these updates, and has provided solutions for affected systems, as detailed below. Functional versions of these patches have since been released. It is estimated that as many as 265 Windows 10 systems running at Berkeley Lab may be impacted. These systems were identified because they have BigFix installed.
If you received an email from IT User Support about this issue, then your system has the potential to be affected. Even if your system appears to be working fine, there is a possibility that your system will fail to boot upon your next restart.
Note that applying the Microsoft-recommended fix for this issue will require advanced Windows skills, and is best done by an IT professional. You can either apply one of the solutions listed below or contact the IT Help Desk by clicking here to email [email protected].
While this issue should not cause any loss of data, IT User Support reminds all users that all computers should be backed up, and recommends Druva inSync for this purpose.
Solution
Scenario: Windows 10 devices that downloaded the October 10 KB4041676 or KB4041691 update with publishing issues and have NOT YET BEEN REBOOTED
Fix: Reference “Scenario 2” solution on Microsoft’s Support site, https://support.microsoft.com/en-us/help/4049094/windows-devices-may-fail-to-boot-after-installing-october-10-version-
Scenario: Windows 10 devices that downloaded the October 10 KB4041676 or KB4041691 update with publishing issues and are unable to boot into Windows.
Fix: Reference “Scenario 3” solution on Microsoft’s Support site, https://support.microsoft.com/en-us/help/4049094/windows-devices-may-fail-to-boot-after-installing-october-10-version-o.
This project was possible because IT identified affected systems with BigFix. To get BigFix for your computer, please visit software.lbl.gov.
See how the IT User Support Department is trying to stretch dollars to support science, see our story at Chrome OS.
Problem
Some CCleaner installers were found to have third party malware embedded. Though CCleaner fixed their installers quickly, some of users downloaded and unknowingly installed malware. A project in IT User Support was initiated to identify these systems and notify users that their computers could be compromised. We requested removal of the software and a complete Sophos scan to be run to confirm removal of the infected software. We are continuing to monitor systems for potential threat using BigFix.
Solution
IT User Support advised staff to do the following:
- Uninstall CCleaner
- Run a Sophos scan. If you don’t have Sophos installed, please download for our software download page (https://software.lbl.gov)
Related news
Please note as a part of this investigation, we discovered that the free version of CCleaner cannot legally be installed on Laboratory computers. The IT User Support will be issuing a BigFix offer to remove this software at user convenience. If you don't have BigFix installed on your system please see our IT Software Download Page at https://software.lbl.gov/.
This project was possible because IT identified affected systems with BigFix. To get BigFix for your computer, please visit software.lbl.gov.
As of October 16, 2017, Adobe will no longer be supporting and providing security patches for Acrobat 11 and all previous versions. If a security vulnerability is identified after October 16, 2017, Cybersecurity may block you from our network unless you do one of two things:
Option 1: Upgrade to Adobe Acrobat DC
Adobe has now moved to a cloud based subscription model of Adobe Acrobat, called Adobe Acrobat DC. The current cost for Adobe Acrobat DC from the Lab’s software site is $160.00 per year. This is an annual subscription with the potential to increase between 3 to 5 % annually.
There is no direct upgrade path from older versions of Adobe Acrobat to Adobe Acrobat DC. Adobe Acrobat DC can be obtained from our Lab’s software download site, https://software.lbl.gov/swSoftwareDetails.php?applicationID=1. As a reminder, all Adobe products should be purchased through the Lab’s software download site.
Option 2: Use an alternative PDF reader/document signing tool
CutePDF is available for free on software.lbl.gov to support PDF generation. For users who use Adobe Acrobat as a signature tool, HelloSign is a free alternative solution to Lab employees. Windows 10 and Mac users can generate PDFs using the built-in print to PDF function. If you wish to obtain further information regarding PDF generation or HelloSign, please submit your questions to [email protected].
Problem
There is a known Windows 7 log file compression bug. As a result of this bug log files replicate and grow filling up your hard drive effecting system performance and slowdown. Microsoft has known about the bug, but has not provided an official patch. Several users at the Lab recently have been a victim of this bug and their systems are currently being addressed. If you feel your system may be affected and your hard drive is filling up, the fix provided below should address the issue.
Solution
Follow the steps:
- Stop the Windows Modules Installer service, by clicking Start and in the Search box type services.msc
- Scroll down to the Windows Modules Installer service and double-click on it
- Under Service status, click Stop, then click OK
- Use File Explorer to go to C:\Windows\Logs\CBS. (If Windows is installed on a different hard drive, you have to go to that drive.)\
- Delete all of the files in that folder
- For good measure, delete all the "cab*" files in your Windows Temp folder, typically C:\Windows\Temp
- Reboot
If you would like help with this process, please click the link below to request support.
This project was possible because IT identified affected systems with BigFix. To get BigFix for your computer, please visit software.lbl.gov.
Maintenance to LBL power systems impacting Building 50 will take place over the weekend of Aug 19-20.
The following systems are expected to be operational:
- Login / LDAP / Directory Services
- www.lbl.gov, today.lbl.gov, newscenter.lbl.gov
- Email delivery, routing, and access including email lists.
- All Google Services
- Building management and security systems operated for Facilities
- Telephones and Voicemail
- Network access to unaffected buildings on the LBL site.
The following systems will be taken offline:
- All IT Operated Business Systems (Peoplesoft Finance, Peoplesoft HR, LETS, Maximo, etc).
- Commons (Confluence) (will include websites for facilities, IT and other sites hosted on this platform).
- WWW2.lbl.gov including all sites hosted on this platform.
- All HPC Services
- All IT Provided CIFS (Home Directory, Group Share) Services.
- All services in 2109 Colocation Facility.
Systems will have different restoration points, but restoration could easily extend into Monday August 21st.
Please monitor status.lbl.gov for updates.
Google has been experiencing issues with Google Docs, Google Sheets and Google Slides this morning. Google Drive has also been impacted preventing attaching files to emails and calendar events. The service has already been restored for some users, Google expects a resolution for all users within the next 2 hours. For additional information, visit the Google Status Dashboard.
We are currently experience a partial outage of the voicemail system. Users cannot currently retrieve messages. The ability to leave a message is not impacted. We expect resolution before 2pm today.
Earlier today, an automated email was sent in error to multiple ALS staff indicating that their appointment at the Laboratory was ending. This email was the result of a software error which has now been corrected. We apologize for this problem. If you receive additional emails in error, please open a ticket at help.lbl.gov.
