Although the iPhone was roundly hooted at when Apple introduced its first enterprise features — such as the ability to handle Microsoft Exchange mail on the iPhone’s Mail client — the phones have become a staple of business users around the world. IT managers have learned they can’t keep iPhones out of company networks, so they’re resigned to admitting them and are now employing them as IT tools.

Absolute Manage has a single feature that can sell it to any company using Apple’s mobile products. An administrator can wipe a computer or phone’s data off the device if it’s been stolen or lost. iOS 4 devices (which could be any 4G or 3GS phone) can also be locked with a remote command in an emergency, or have their passcode cleared for data protection.

These iOS 4 devices can also be used, with the Absolute Manage software, by IT managers to

• Manage user profiles
• Manage provisioning profiles
• Inventory installed third-party applications (custom developed, or from the AppStore)
• Gather device lifecycle management information from the devices

“We are extending our long-standing focus on lifecycle management for Apple products to include robust management for iPhone,” said the company’s CEO John Livingston. “With our forthcoming solution, IT will be able to address brand-new challenges such as managing in-house applications and managing iOS device configuration.”

The Absolute product suite goes beyond the management of Apple’s desktop and mobile products; companies can also use the software to manage PC Windows devices. Absolute said the iOS 4 support is scheduled to arrive in Q3 of 2010.

If only the new iPad could be so lucky to be so well protected. We’ve been using the tablet since its release, but nary an update is to be downloaded to advance the device’s security.

The 10.6.4 version of Snow Leopard, which is a 17-minute download on a middle-fast DSL line, introduces new protection to prevent back door attacks on Macs through the iPhoto software that ships with every system. A new feature called XProtect gets an update that keeps hackers from installing malware by fooling users into thinking iPhoto is at work, when damage is being done.

An update of a Mac’s operating system for security reasons — that’s a good idea. But Apple doesn’t have a practice of identifying security holes they patch with a new release. And sometimes a new OS version will make software stop running on a Mac. This is why backups are a vital complement to any security updating.Apple has brought out four updates to the Snow Leopard version of its OS now, updates that cover just a nine-month period. Not every one had a security benefit. But the state of security is so tenuous now that your Adobe PDF software, browser, and OS should be considered at risk if you haven’t seen an update in 90 days.

Browsers and Adobe software are the chief targets for hackers, since they cover so many more victims than just Apple’s products. More than 360 million people are using Firefox as a browser, for example, on both PCs and Macs. Adobe’s Flash and Acrobat readers run on hundreds of millions of systems. Adobe just introduced a 9.3.3 version of Acrobat to improve security.

As diligent as Apple and Adobe might be (some say Apple’s sluggish at best about security plugs), the vendors can’t do a thing to help secure your business if you don’t install updates. The rule of thumb was once “don’t install if you don’t need” an update. But security issues are much more serious by now. You can balance the time spent downloading and upgrading, the checks of your applications afterward, against the dangers of running an unprotected system.

About 30 minutes of downloading and watching mysterious messages — things like “optimizing” or “unpacking packages” or “moving items into place” or “registering components” — plus a reboot, and my iMac was running 10.6.4. I did the usual first step after an upgrade — started all the apps that matter to my workplace.

The Apple apps don’t need checking — Apple’s done that in its own labs. But the likes of Adobe CS apps, QuickBooks 2010, Microsoft Office apps and even reliables like Eudora, an antique mail program. 10.6.4 updates Apple’s Mail, as it turns out — so my add on Mail Tags software needs to be updated.

The Mac enjoys an easier time in security because Apple’s product is a less juicy target. Malware and viruses are designed to make money for criminals, and the number of PCs out there running bareback is 10 times the number of Macs. Security by obscurity only works until it doesn’t. It’s just a matter of time, sad to say, before the criminals fan out and try to rob your system of power or privacy or both.

Anti-virus software (AV) is not just the paranoid geek’s tool anymore. The last virus we detected came off a Web page, and we last had data corrupted in 1997. But things have changed since Apple moved to Unix underneath it’s OS. Oh, and there’s that thing called the Internet, plus the Flash videos you may use to gather research (like from the Wall Street Journal’s site, now that they’re owned by Fox.) Flash, and Adobe’s Acrobat PDF files, are a big target for malware today.

You have more than one choice for a commercial AV tool for your systems (that wasn’t the case in ’97). What you buy probably should provide both firewall and virus protection. Two leading companies offer very different value propositions in their AV software. MacScan commits to a fixed price, while another supplier uses a subscription fee+purchase price model.

Today we look at MacScan, software built by a company that started tracking viruses in 2002 on the Mac. For five years MacScan didn’t even sell software; it simply created the definition files and patrolled the Web for criminal weapons. Since ’07 they’ve sold MacScan, which despite claims from its competitor Intego, still looks like a worthy value for AV.

Intego, whose products we’ve run at Bites HQ for more than three years, now sells a $49.95 X6 edition of VirusBarrier that protects two Macs. The MacScan 2.7 software protects three systems for the same price. (There’s also a 1-Mac license for MacScan for $29.95; Intego sells only its 2-Mac license.) Figuring the relative value requires you to consider the protection scope of such products. MacScan’s product manager told us at Macworld that the company ships along regular updates of the virus profiles, at no extra charge.

MacScan makes a significant point of examining Web cookies, a source of malware targets, in its regular process. A half-full iMac in our offices took more than an hour to probe with MacScan, but the AV software found nine tracking cookies in the first minute. And no viruses or other spyware. We got an option to disable these ad cookies after MacScan caught them.

A tracking cookie is not something you allow easily into your Mac. While you might not want to erase all of them, these are used by advertisers on Web sites to track your Internet use: where you browse, how you jump from links, even the information you enter into forms online. A fine article on the World Privacy Forum’s Web site explains that “allowing the tracking types of cookies to follow you around as you surf the Web is a lot like building a see-through house to live in, click by click.”

MacScan doesn’t reach any deeper into the malware world, though. It’s good at finding troublesome files on the system, but it won’t do a thing to block access to your computer. Apple’s firewall is the default for the MacScan user. While that’s better security than none, it might not be enough to keep prying spooks from hijacking your bandwidth.

Doing one thing well, and affordably, is noble and true to the Macintosh Way. We like to see more of what back doors might be open on our Macs, however. The extra features of firewall improvement are included with the new VirusBarrierX6. But they’re not easy to use, or so valuable that Intego could keep selling this super firewall that it once called NetBarrier as a standalone product. That’s for Monday, though.

Meantime, be careful where you browse in the course of your business. Steve got attacked while shopping for business travel at Expedia. You should always look extra closely at any dialog box on the Mac that advises you to update for security reasons. Apple’s software will never use this language, just advise you an available software update.

By Steve Hardwick, CCISP

Should you be worried about a Web drive-by attack? First off, what is it?

Most Internet users are not familiar with the concept of a Web drive-by attack. The one I recently encountered was scary because of its simplicity and how it preys on security fears. It also underlines how easy it is to create attacks that are targeted to specific operating systems. Mine took place in Windows, but it would be easy enough to target the Mac OS, too.

To be able to infect a computer in a drive-by, the hacker has to trick the end user into loading a piece of malicious code. In the past this was done using e-mail attachments and other applications that were used for file transfer. However there is a growing threat where your Web browser (Firefox, Safari) is used to trick you into downloading and running the virus code. Here is a walkthrough on what I recently encountered as it gives a good understanding of this type of attack. (For anyone who wants a much more in-depth explanation, Virus List is great site to visit.)

I was going to various sites, trusted sites that I have used in the past without any problems. As I arrived at Expedia.com, one of my favorite travel sites to look at air fares, the following screen popped up. When I saw it, my first thought was that I had a virus on my system.

The screen displayed on top of the browser looked identical to Microsoft Forefront Client Security interface, which is the antivirus software (A/V) installed on my PC. Even the progress bars moved on the display and the virus list was populated. To all intents and purposes it looked and felt like I had a bad case of several viruses on my system. After the virus list had been completed I got the two more screens.

Fortunately I am well-versed in security products. As soon as I was asked to run a program outside of my A/V application the alarm bells started to ring. I also noticed that the file had been downloaded to my PC from a Web site I did not recognize. This is not usual behavior for an anti-virus program. So I decided to hit cancel. When I tried to close any screen I saw the screen above.

Now I was definitely concerned.

I took a quick look at my process monitor and I saw there were three browser windows open. Each one of the these two new “Windows” screens was a Web page. Plus the warning message was also a Web page. This told me that that my antivirus was not sending these messages. They were specially-constructed Web pages. I looked at the “Forefront” page and got the source URL The I took a quick visit to www.samspade.org and found out that this was a site out in France and not a site that I knew to be good. So I now knew it had nothing to do with the travel site I had gone to, or Microsoft Forefront. To stop this whole chain of events I had to shut down the browser application using my process monitor. (On the Mac, you’d do a Force Quit from the Apple menu, and you should.)

So how did this happen? Some technical details follow.

First the hacker constructed a simple set of Web pages to emulate ForeFront and trick the user into downloading a virus program. The virus progam was automatically downloaded as soon as the “Forefront” page came up. Once the user clicks OK to run the bogus “clean up” file the virus is installed and the hacker is in business.

The next thing is to load the Web pages and the virus on a Web site. In this case it was n6-scanner.com. It would take some skill to bypass the Web site security and load it, but on the whole this can be relatively easy to do. Web sites can be a very fertile ground for unpatched operating systems. (Ed. note: A very good reason to update the Mac OS with Security Updates — if only Apple would supply them sooner.) The hacker’s last step, the hard part, is to get you to go to a second Web site to load the code to direct the end user to the target site. This can be a simple HTML redirect, or a more sophisticated script line of code. The attack works best if this is a well-visited site, which is why it is harder. Once this last step is completed the hacker’s work is done. Just wait for the virus to distribute and take effect.

Why is this a very dangerous attack?

Well, the first reason is that it is relying on end user behavior. As soon as the user sees that there is a virus reported on their machine their first instinct is to get rid of it. The thought that the screen they are seeing is not the antivirus software is not immediately obvious. Most Windows users are now used to seeing virus attacks and want to get them off their system as soon as possible. Consequently many would click straight through these bogus screens without a second thought.

Next, the attack had bypassed the antivirus system. Hopefully, the A/V would have thrown something up after the viral payload was executed, but it may not have. The affectivity of the A/V is only as good as the last update. So if it is a recent virus, and the user had not updated their A/V definitions, then anything could happen.

The Web pages can be tailored to specific operating systems. In my case I saw a Windows based application. Your machine will send a lot of information back to the Web server about what you are using. If you want to see what you are sending out, go to Shields Up on https://www.grc.com and run the Browser Headers check. You may also want to run some of the other tests just to see how secure you are. So it would be fairly easy to construct an attack that was design to attack an Mac based system — that is, to switch the screen the user viewed and the downloaded payload. This is what came back on my system

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.33 Safari/532.0

Finally, the Web pages and the launching script can be placed on multiple Web sites. The attack codes can be put on different sites too – they do not need to be collocated on one site. The launch code can be added to multiple Web pages on a single site. So a Web page on a trusted site can get infected. One day the site is safe, the next it is infected.

What you can do to protect against this type of attack

Many users are not familiar with their antivirus software. Take a quick look at your software’s manual (I know, that sounds unpleasant).

• Find out what your A/V software does should it hit a virus: what messages it displays and what operations it will take to quarantine and remove any viruses it finds.

• Take a careful look at ANY program that is launched on your system from a Web visit. Make sure you know where it came from. If in doubt, do a quick Web search on the file name. In many cases this kind of program contains a virus payload. In some cases, especially a drive-by, the file name may be automatically generated. You will have to rely on looking up the URL of the source site. Sam Spade is a great site to get information on who owns the Web site.

• A great fundamental protection is to add another user account on your system, even if you’re the only user of your Mac. Your first is an administrative account and the other is a user account with no administrative rights. The second account is the one that you use most of the time. It does not have rights to install new programs. This may block this type of attack and stop the program load. The administrative account would be used when you want to load a safe application.

• Lastly, you can active a security scanner to your browser to detect dangerous sites. Firefox checks for these, working from a list of known dirty sites. Google’s Chrome, when it is released for the Mac, will have this capability, too.

Steve Hardwick has over 10 years of information security experience. He has worked with different environments from military customers, financial institutions, healthcare organizations and Fortune 1000 companies, as well as conducting security assessments for large and small corporations. He is currently Partner Manager at Mobile Armor Inc. providing cost effective solutions for securing and protecting mobile data.

On the other hand, system maintenance is a means to get more out of the Mac investment. This week Koingo Software is offering MacPilot Lite as a free download to users who’ve purchased Koingo software in the past. The full version of MacPilot is also on sale in an Essentials Bundle (along with three other tools such as the nifty Alarm Clock Pro) — and it’s worth the space in your system administrator’s toolbox

Yes, you are the system administrator of your Mac. While your expertise is probably in creating a product, delivering a service or managing a business, a small office or single-proprietor business usually has someone to manage computers: You. So as a present to yourself for the coming business year, a tool like MacPilot or Onyx (a free tool) is a worthy investment.

Koingo sells MacPilot as competing product to the free Onyx, so MacPilot has got to work harder. Koingo explains that MacPilot can

Optimize your network for broadband connectivity, completely customize Apple File Sharing, perform essential maintenance without having to remember mind-boggling acronyms, and much more. However, those are just a few of the many reasons why MacPilot is your choice over Cocktail, TinkerTool and Onyx!

There’s a deep feature list for MacPilot along with a free 15-day trial of the full product. The longer you use a Mac for your business, the more you’re likely to appreciate the facets of file-sharing in your office network or getting the most out of your broadband connection. The Mac OS is deep and can be fine-tuned to return the best value for time spent at your keyboard and mouse. But Unix, the core of Mac OS, is arcane and byzantine. Something like one of these tools is like having the teacher’s version of the Unix textbook, with answers in the back, sitting on your work desk.Koingo lists all that its MacPilot can do right away, in its setup screen. While some of these are available on the Mac’s software, having them inside one toolbox makes it more like you will use these features.

Finder — Toggle Finder visual effects; Hide & disable Finder menu items; Enable the Cut Finder menuitem; Change the Finder Label Line Count; Add a Quit menu item to the Finder; Disable Desktop Icons; Show invisible files; Enable slow-motion visual effect mode

Dock — Toggle the Dock Shadow; Toggle feature to turn icons for hidden applications transparent; Lock the size, position, orientation, contents, magnification, and effect of the dock; Show invisible files in Dock menus; Add a Quit menu item to the Finder; Change the orientation, pinning, and effect

Safari — Forget that Netscape, Mozilla or IE bookmarks were imported; Show the Safari build number in the window title; Enable tool-tip mouse overs for links; Change logging options; Show the Debug menu; Disable PDF support; Change cache & history limits and options

Mail — Use Plain Text message content by default instead of HTML; Show invisible control characters in message source; Change bundle compatibility version; Enable numerous logging options; Enable or disable bundles

Disks — Automatically mount disks without user login; View detailed disk information such as partition type, free space, boot flags, and more.; Verify disk permissions; Repair disk permissions; Change UPS and Battery disk spindown time; Enable or disable journaling

Login Window —Disable console access; Hide admin, network, and/or local users; Kiosk mode; Disable the restart, shutdown, or sleep buttons; Use text fields instead of user icons; Show input panel; Show “Other” users button; Change the background picture; Modify the welcome text and size; Adjust the startup delay after login; Show admin host information such as host name, system verison, IP address, etc.; Increase/decrease the count of retries given on a password until the hint is shown

System — Change the startup mode to Normal, Verbose, Safe or Single; Specify custom boot arguements; Change the default umask for file permissions; Disable the secondary processor (if applicable); Show kernel panics on screen; Disable the startup chime; Limit RAM available to the system; Turn power button into Programmer’s Button

Network — Disable .DS_Store file creation across networks; View detailed network statistics and setting information for each device; Change over 10 advanced network settings such as buffer size, RFC compliance, and NewReno.; Optimize connection for Broadband

Sharing — Advertise Apple Personal File Sharing on AppleTalk & Bonjour; Allow SSH tunneling; Grant admin users root access; Automatically create home directories for file sharing users; Enforce quotas on home folders; Use home directories; Limit Mac OS X admins to only seeing share points; Limit Mac OS 9 users to only seeing share points; Allow root login; Allow clients to sleep; Allow admins to masquerade as other users; Auto restart server after crash; Notify client if the server is full; Send login greeting only once to users; Enable Logging; Disconnect idle users; Change the login message; Change the warning message when disconnected for being idle; Modify the maximum allowed sleep and idle time; Adjust log retention based on size and/or age; Set a maximum connections limit; Limit number of concurrent threads; Limit number of allowed guests; Change the AFS port

Tools — Update locate database; Verify preferences integrity; Update/Rebuild prebinding; Erase Spotlight index; Erase unused preferences; Erase .DS_Store files; Repair classic permissions; Erase icon cache; Update whatis database; Rebuild Launch Services database; Lock & Unlock files & folders; Force empty trash(es); Create Symbolic Links; Force delete files and folders; Erase recently used file records; Recreate Mac OS 9 desktop link; Clear user cache; Run all, daily, weekly, or monthly cron jobs.

Other — Change the default fonts used within the system and application windows for monospaced fonts, messages, labels, title bars, tool tips, and more; View, empty & delete logs; Show the Debug menu in Address Book, Sherlock and Apple Remote Desktop 3; Allow the mouse to auto-active terminal windows; Disable disk image checksum verification; Show advanced disk conversion settings in Disk Utility; Enable Expose picture in picture mode; Force iPhoto to ask for a launch after a hot plug; Enable Dashboard developer mode, or disable Dashboard altogether; Show active screen corner markers; Display the Expose blob; Disable the scrollbar in the Terminal; Place an Eject Disk icon in the menu bar; Change the screenshot format, name and destination; Change window resize speed, font smoothing, and scroll arrow positioning; Set the Crash Reporter mode to short or full, or disable it all together; View detailed system statistics; View, copy & print a Character Map for the given font; Access a huge list of Macintosh hidden key combinations; Complete port list; Error Code list with definitions for Mac OS 6 through Mac OS X.

That’s a list long enough to make most users’ eyes glaze over, but it’s clear that Koingo is selling this toolbox of utility on its comprehensive feature set. Just a couple of items in the Other category become useful. If you’ve got a Dashboard widget you love to leave onscreen, like a calendar, then the Dashboard Developer Mode makes that possible. If you take screenshots for illustrating articles or operations manuals (I do this a lot), you can specify that those screen shots come in as JPEG or GIF files, instead of the Mac’s PNG default format. (It matters if you’re posting to Web sites or blogs.)

MacPilot is on sale along with three other Koingo tools (for that superior alarm clock, reclaiming disk space, and making an ultra-secure spot for sensitive information like passwords and customer lists) at $49, about 35 percent off list price.

This security update closes a hole that permits hackers and spammers to take control of your Internet feed — turning your Mac into a drone for the transmission of spam and other communication you’d rather not be associated with.

Simply run Software Update and accept the upgraded Java file that Apple recommends. It’s a big one at 85 MB, but essential to maintaining control of your system. Apple released the patch on Friday (December 4), so it’s recent. And needed.

Review by Steve Hardwick

Many computer users are taking advantage of the wireless technology in their home and small office networks. Unfortunately, many are unaware of the dangers that this can cause if not implemented well. In many cases the initial set-up for wireless equipment gives an easy to use but very insecure network. Take Control of Your WiFi Security, a $10 e-book from Take Control Publications, provides a lot of very useful information for setting up secure wireless networks.

One key element of security, often overlooked in similar publications, is to understand what you are protecting against. Not only does the book’s quick-start guide begin with assessing the threats, but there is a reasonable section on determining your security risk. The three L’s approach — likelihood, liability, and lost opportunity — serve to simplify the definition of risk principles. The section also included some good analogies to illustrate these principles.A couple of topics are not as well covered. First is the danger of illicit theft of internet bandwidth, especially if used for illegal access (e.g. neighborhood teenagers surfing adult sites). Second is the impact of identity theft. A quick discussion of this topic, especially the financial cost, would have been very helpful to the reader.

In the section on preventing access, the authors give a good overview of WEP, WPA and WPS security protocols. There is a fairly complete roundup of the various encryption standards and their evolution. There’s also a good review of the flaws of WEP and the dangers of choosing this encryption methodology.

This prevention section includes some real-world examples of how to set up networks to utilize the various router elements. It contains great examples of using some of Apple’s unique approaches to solving network access set-up. Guest networking was a useful inclusion, as many networking books do not address this problem very well.

“Secure your data in transit” opened very well. However, it does assume that you have some basic understanding of application protocols such as SMTP, FTP and SSH. A quick primer on basic encryption, such as symmetric versus asymmetric, would have been useful for a novice reader. Although a lot of information was presented and is very relevant, it is difficult to work out how it all fits together. It does give the reader enough information to ask the right questions of their ISP, but not all of the capabilities described are generally available to the home or small office user.

When it comes to protecting your systems, the book presents some really good concepts that apply to both wireless and wired networks. This section did assume that the reader had a basic understanding of IP protocols and infrastructure; for example the function of “ports” for different services is assumed. To get the most benefit from this section, you will want a review of basic networking concepts. This also applies to the last section in the book that deals with small offices networks.

In general, this book is a valuable tool when starting to deploy home or small business wireless networks for Apple computers. The quick-start section at the beginning, with the embedded links in the e-book, gives a good way to set up a secure network systematically. The book does tend to switch from addressing a novice user to a more network savvy individual, so it may be a hard read for a neophyte to get through some of the sections. On the other hand it does provide a good reference book for a lot of the technology used in WiFi networking. When coupled with a basic IP networking book, this would allow the novice user to tackle most WiFi security challenges.

Steve Hardwick, who holds a CISSP certification, has over 10 years of information security experience. He has worked with different environments from military customers, financial institutions, healthcare organizations and Fortune 1000 companies. He has also conducted security assessments for large and small corporations.

Five places to do a better disk upgrade than inside

Mac accessory supplier iFixIt is selling a solution to add two bigger drives inside the well-sealed-up Mac Mini. The concept means cracking the case on this half-shoebox sized computer and replacing the Superdrive with a faster and bigger disk. No more CD/DVD option after this.

Any plan to crack a Mini for this is crackers. The Mini runs without a fan and manages to keep itself cool enough to keep operating. But the back of that little miracle is warm-plus with just one drive running inside. With a Firewire 800 port on the back, putting another heater of a drive inside asks for trouble that Apple won’t fix.

Upgrading the memory inside is a different, better reason to use a putty knife to get that case open. Apparently once you get 2GB of memory inside, the Mini can recognize 256MB of it for better graphics performance.

But adding that memory happens one of two ways: You buy the $799 unit from Apple in the sealed and warranteed case, or you get inside to beef up the $599 model to 2GB. Just because you or your geeky pal can do something like update memory for you doesn’t mean you should. Saving $200 on the cheaper unit (well, about $175 after you buy the extra memory) could cost you later in warranty. The smaller the Mac, the more chance it will need Apple’s service if something goes awry. It’s close quarters inside there.Or get that geek-pal’s number and a backup system for when the Mini gets to be hot stuff. Cooling is an overlooked part of keeping computers happy. You could crank up your air conditioning to Stun, but that would spend the same $175 in the power bill. Seems safer to leave the insides to the Apple on this Mac.

Adding those bigger replacement disks also seems like a lot of work for not much boost to the computer. Agreed: The Mini’s built-in disk is a slowpoke at 4200 RPM. But the replacement disks only run about 30 percent faster while they add that heat. It’s a plastic case, friends. Leave the extra storage outside, attached to one of the five, count ‘em, five ports, USB 2.0 or Firewire 800.

Time Machine gets the vote here for the newer systems (those running Leopard). Yes, it takes a little trick to get a Time Machine drive ready to boot up in case of a crash, but it’s worth it. Mac OSX Hints has the process here. Well worth the time.

As for Retrospect: Yes, as a business we’ve used it, but it takes tinkering. I’ve probably spent the equivalent of 10 hard drives in rewritable CDs and then DVDs staying backed up. It might be worthwhile to have several hundred versions of the InBox from your e-mail program, but I’ve only looked at a handful of these snapshots over a decade. SuperDuper is far superior to keep a current version of your drives backed up. At $29, it’s too cheap to overlook.

Once a week I schedule a Retro backup onto the DVD plastic. I’m not sure why, but there’s all those years of habit.

Offsite storage is good. I use CrashPlan on the newest iMac and BackJack for our Tiger systems. Each is about $45 a year for storage over the Internet to a remote server. The latter is great at telling you what it’s doing, right down to an e-mail verification. It works the way Mozy did here during 2008, until EMC (them again!) spoiled its Mac interface.

Just this morning I read of another method for offsite backup: Find a Mac buddy who you can have coffee with once a week and swap backup hard drives with them. Do a Carbon Copy Clone of your drive before you go have your grande latte. That way you’re at worst only 7 days behind on a backup in case of a fire. Be serious about the relative value of an offsite backup in the aftermath of a fire. A billboard near my office reminds me that more than 4 out of every 5 businesses — small or large — cannot resume operations after a disaster.

Composer creates packages, the Mac’s method for installing software. As the JAMF knowledge base Web page says,

When software is purchased from manufacturers it must usually be configured or customized to meet the needs of the end users… Using packages allows changes to be made prior to distribution so software arrives configured and ready for usage. This saves valuable engineering time, as well as network bandwidth because you are only distributing what is necessary.

The tool can be had (in an SE version) for as low $99, or part of the Casper Suite of admin tools. It consists of a Composer module to make packages from any files on the Mac (handy for distributing templates plus letterhead, for example) and Composer Admin (to tune a package into delivery configured for end-users).