I read Michael Dragone's review of Spiceworks 4.5 (InstantDoc ID 125235), and I’m wondering whether anyone has performed a security analysis on the software—I'm always skeptical of free software. One of our administrators installed the tool without permission and entered in the Domain Administrator account, so I'm a little concerned. Any suggestions?
Thanks for reading the review. I’m not aware of anyone having done a penetration test or code review of Spiceworks, nor have I come across anyone who has done a packet trace on a machine running Spiceworks. That would be my suggestion: Use Microsoft’s Network Monitor or a similar tool and capture the packets that Spiceworks sends and receives in a lab environment. Of course, in your case, it’s too late for that, so it would be a good idea at this point—if you’re still feeling uncomfortable—to change your Domain Administrator account password (if you haven’t already). The downside to this is that Spiceworks sends and receives packets to the Internet over SSL, so you’d only see encrypted payloads sent to and from them.
Personally, I don’t believe Spiceworks was written with any malicious intent, but I agree with your wariness and certainly appreciate your concerns. I’m always a little apprehensive when using a piece of software such as Spiceworks that I know will be both accessing the Internet and enjoying high privileges on my internal network, regardless of whether the software is free.
Frustration with Windows Phone 7
I read Paul Thurrott’s Short Takes article, “Microsoft Sort of Admits Carriers Have Delayed the First Windows Phone Update(s)” (InstantDoc ID 129871) and listened to his Windows Weekly podcast dated March 10th (http://twit.tv/ww199). His frustration with Microsoft over the Windows Phone 7 updates is clearly evident and justified. These days, when Wag the Dog seems to be the law of the land, it's good to see Paul with the fervor to hold Microsoft’s feet to the fire. I delayed purchasing my first smartphone, awaiting the delivery of Windows Phone 7. I finally tired of waiting and purchased a Droid X. As things have turned out, I'm very glad that I did. I might try a Windows Phone 7 device one day, but not anytime soon.
Thanks for the high-quality journalism, the intelligence, and (yes) the entertainment value you bring to the Windows Weekly podcast. Just hang in there—I'm sure I'm not the only person disgusted with Microsoft's handling of this phone situation.