Virus, Malware, Spyware, Oh my…
In the current age of global economy, no business can afford to be without access to the Internet. Unfortunately, there are a growing number of threats that cause headaches and frustration to novice and professional users alike. Below is a list of the 5 most common things that I hear when a client has an infection.
1. “But I have a firewall” – While a firewall is an essential part of any business network, its function is often understood incorrectly as the ultimate protection from the outside world. This isn’t really the case. The function of a firewall is to protect your network from outside intrusion. Your internet router is a door, and the firewall is the security guard asking if incoming traffic has permission to be there. Instead of just a simple firewall, you might consider a Unified Threat Management (UTM) device. There is an additional cost, but UTMs enhance the protection of the network by combining the technology of antivirus and even antispam with a firewall. They not only ask whether the traffic is allowed in, but also what kind of traffic it is.
2. “But I have antivirus” – Antivirus software is similar to the inoculation shots we all received as a child. First, the infection was identified. Then the cure was developed. And, just like the flu every winter season, as the strain of infection changes, a new cure needs to be created. One of the biggest things that can help is to make sure that your anivirus software has current definition files, and that the software is up-to-date. Using Norton or McAfee 2009, even with the most current AV definitions, will not be as effective as the current software version and today’s definitions.
3. “I didn’t do anything, it just installed itself” – While this statement may seem true, most current infections require some sort of user interaction, even if we were completely unaware of it. Attackers insert their infections and malicious code into everything from hyperlinks to even web images. The act of clicking on a picture on the internet can launch code that installs the infection into your computer. The code may even have a time bomb aspect which delays the infection so that it becomes harder to track the source of the malicious code. It also gives the infection time to insert itself into your computer's restore points and backups.
4. “I don’t go to those kinds of sites” – Malware and Viruses can be found nearly everywhere, embedding themselves into any picture, icon, or link on the web. The use of Site Advisor software may help mitigate this threat.
5. “I knew the person who sent the email” – This recently caused issues for some of my friends. My Yahoo account was used to send an email containing an internet link that took users to an infected site. This email was sent to people in my address book at 2:30 AM on a Friday night, which is not a normal time for me to be sending emails! Most of the people who received it realized it was malware and deleted it right away. Others saw the subject line, which said “About your stomach problems”, and realized it didn't apply to them. Finally, some people noticed that the only text in the email was the internet link and nothing else. For the one or two people who were tempted to open the email, this was the final red flag that scared them away. So when opening an email, remember these guidelines: First, see who it is from, and avoid opening emails from unknown senders. Second, check when was it sent - is this a time when that person would normally be sending me emails? And finally, look at the content of the email - is it something that this user would send me?
You do not need to be a rocket scientist to protect your computer; just be vigilant and use common sense (which often is not so common). If you don't, you will have to call the Wizard to get rid of the evil witch that infected your computer.
hope this helps; till next post,
Andrew Nevens
InnerTag
407-949-0106
andrew@innertag.com
www.innertag.com
Thy Buffer Runneth Over
What exactly is a buffer overflow? To answer this question, we have to understand a little bit about how computer programs use memory. A computer program consists of two things: 1) A set of instructions, and 2) A set of data that those instructions will operate on. Normally, all of the instructions are loaded into memory when the program starts. Data comes in from some input source, either disk, a user interface, or the Internet, and gets stored in memory temporarily so that the computer instructions can use it. Finally there is some output data, which is created within memory and then moved to an output device, which again may be a disk file, a user display screen, or the Internet.
The program has to arrange for a place within the available memory to store the data. You might think of computer memory as a plot of land, with different sections separated by fences. The computing instructions go into one fenced-off area. From there, they direct the data into, and out of, a different fenced off area or “corral”. So what happens if some of the data decides to jump the fence, and trample all over the instructions?
Luckily, data doesn't have a mind of its own. But, suppose your program doesn't have a very good fence. Or, suppose the programmer drew a line in the dirt where the fence was supposed to go, but forgot to actually build it. Then, suppose you get some data coming in that doesn't fit inside the corral. It's going to overflow right into the instruction area.
If this happens by accident, the most likely outcome is that the program will either freeze or just crash. There's also a chance that nothing strange would happen, if the data overwrites some instructions that are not going to be used. But there's also a slim chance that the data might be interpreted as program instructions, and cause the program to do something it’s not supposed to.
Enter the hacker. If someone knows enough about the structure of a program and the operating system it is running on, they can predict the "size of the corral" that is supposed to hold the data. They can also tell the exact place in the program instructions where they could intercept the program flow. Then, they can craft some input data that is bigger than it is supposed to be, but is just the right size to "jump the fence". They add some special instructions in just the right place. They send the data to your program, where it leaps into the program instruction area and it takes control of your computer.
If this sounds scary, then I've succeeded! It's easy to find instructions on the Internet to take advantage buffer overflow vulnerabilities. Websites like packetstormsecurity.org and exploit-db.com list updates on new vulnerabilities that are being discovered every day. Hackers monitor these sites, but so do security professionals and software developers. This is why it is vital to always keep up with the latest patches and security upgrades. It's how you can keep your fences in good shape, and the data in the corral.
Andrew Nevens
InnerTag
407-949-0106
andrew@innertag.com
www.innertag.com
Backup vs Disaster Recovery vs Business Continuity
You’ve heard me preach in the past about good backups. A backup is no good unless you can restore your data and get “back up” and running. I’ve had clients ask me about Disaster Recovery plans, but sometimes I’m not sure they really know what that means. Do you know the difference between backups, disaster recovery, and business continuity? Which is right for you? Your level of paranoia about your network will determine which one(s) you need, and which you are willing to pay for.
Backup: This is the simplest and least expensive of the options. A backup is like a spare tire. It is an extra copy of your data. In case you delete a file by mistake, or some data becomes corrupted, or someone modifies a file but needs to get the original one back, you can retrieve an older copy quickly and easily. There doesn’t have to be any interruption to the rest of your network, and other users should not be inconvenienced.
A backup may be created on tape, on a USB drive, or offsite over the Internet into the cloud. Tape backups are NOT for Disaster Recovery or Business Continuity, since you can’t run applications from a tape. We have been actively moving clients to USB drives or network attached drives for backup, and in some cases backing up into the cloud.
Disaster Recovery: Your server or main computer just crashed. It’s no longer functional, and you can no longer get to your data. Disaster Recovery means getting you back up and running once the failed components are replaced. The quicker this takes place, the better. If you are using tape backup, it means reinstalling Windows and the backup software before a restore can take place. And if your backup system is configured to backup just data, then you need to find all your applications and reinstall them too. This process will take anywhere from 1-2 days, if you have access to all your application media.
If your backup process includes taking an image of your server, recovery time can be measured in hours, not days. This is the process we are now recommending and implementing for our clients: Local backups that include an image of their main computers, and also ALWAYS getting a backup offsite.
Business Continuity: Business Continuity gets your business back up and running after a major disaster, such as a fire, tornado or earthquake. It involves not only your computers and data, but your actual workplace as well. This is obviously a much bigger deal than just restoring data or replacing a server. It means having access to a facility with computers and servers available to you.
If all your data and applications are in the cloud, you probably don’t need this. All you have to do is go home, or to any location with internet access, and you can get to your data.
This does not even touch on the procedures that need to be developed to communicate to your staff about what to do and when. This is not an easy undertaking, nor is it inexpensive.
What is the cost to your business if your computer system is down? How long can you afford to be down? Answer these questions, and it will lead you towards the backup plan that is right for you.
Till next blog,
Andrew Nevens
InnerTag
407-949-0106
andrew@innertag.com
www.innertag.com
Shopping Online with Amazon
I recently decided to make all my non-perishable purchases online. What I found was with a little bit of creativity and patience, I was able to get almost everything I needed through Amazon. Amazon offers the average Internet shopper an abundance of options to make their lives much easier, including flexible shipping options and a huge variety of wares. I was able to get everything I needed, from the comfort of my home, delivered within two business days. The flexibility saved me time and a lot of headache.
Amazon has changed the way we shop for almost everything (besides groceries), and it is often cheaper than retail stores. When Amazon launched in 1995, it was a fledgling online bookstore that sought to compete directly with stores like Barnes & Noble and Borders. As those “brick and mortar” stores began to close because of competition from online stores, Amazon picked up their market share, and currently has a net income of over $1 billion. By comparison, Barnes & Noble has only an income of $76 million.
Amazon's customer service is also one of the best. Occasionally boxes that are left on my front porch succumb to theft . If this happens, I contact Amazon and they will quickly send a replacement—usually with next day delivery. In the unlikely event that they have committed an error, they will fix the problem and provide compensation like a gift certificate. They have a wonderful customer service model that makes it attractive for their customers.
Nowadays, Amazon sells more than just books. They have a host of things for sale, including home improvement supplies and household items. This is what gave me the idea: could I buy everything I need through online stores like Amazon? As an experiment, I tried it for one month. What I found was that yes, it is possible, and also advantageous for a young professional like myself who lives in a city where transportation is sometimes a pain. I was able to find such unlikely items as toilet paper, Tide, Halloween candy, furniture, and many others. It was easy, simple, and straightforward.
Amazon continues to grow and expand its business. It has recently invested immensely in its media market, including e-books and streaming services. This service is directly competing with both Barnes & Noble and Netflix. In these new channels, it looks like Amazon may be beating out its competitors. It was the first service to get e-books to be widely used. And it has recently reached huge deals with the four major TV networks for its streaming services.
As long as the Internet is a viable option for people to shop and use as entertainment, Amazon is here to stay.
Andrew Nevens
InnerTag
407-949-0106
andrew@innertag.com
www.innertag.com
Why Hire a Consultant?
As a consultant, I am frequently asked why people would want to hire my company. There are a number of reasons: experience, cost effectiveness, objectivity, and independence. Depending on your situation, some or all of these attributes may be enormously valuable to your business.
What is a Consultant? Dictionary.com defines a consultant as a person who gives professional or expert advice. Consultants do give advice, but they frequently also perform tasks that result from that advice. Those tasks can range from running a public relations campaign to building a customized order fulfillment system.
It's important to note that consultants are not temporary employees. They are business people selling services to clients. Evaluate potential consultants as you would any other type of vendor.
Experience: Good consultants have valuable experience in one or more areas of specialty, and they can use this experience to your advantage. Consultants, by the nature of their business, frequently work on more projects than employees in the same field and generally do so across many more organizations. As a result, they may have seen more successes and more failures, enabling them to learn from both. They also interact with many different types of people and learn to adapt quickly to new situations. Finally, consultants must keep up with industry trends in order to maintain their expertise.
Project Work: Whatever your business is, you likely have projects that are out of the line of daily business operations, but are important to your success. Even if your staff has the expertise needed to complete these projects, can they accomplish their daily tasks, and still execute the additional work required for the project? What if they don't have the expertise? In either case, hiring a consultant may be the answer. They can provide missing expertise and relieve pressure on your staff, enabling your business, and your cash flow, to continue humming along.
Part-time Work: Sometimes you have a need that doesn't require a full-time employee, but is too much for existing staff. A part-time employee might be an option, but sometimes it can be difficult to find an employee with the right skills who is willing to work part-time. A consultant who provides the needed services might be able to fill your need, particularly if the amount of work varies. Employees generally want a predictable number of hours (and thus a predictable paycheck), while consultants are accustomed to clients whose needs come and go.
Cost: Whether you are looking for project help or part-time assistance, the expertise and experience you need can be expensive. Particularly when it comes to specialties that are in high demand, it can represent a significant payroll cost to hire someone full time. Hiring a consultant represents a way to acquire the needed expertise, at a cost that is lower and shorter in duration.
When comparing the cost of using a consultant to the cost of hiring an employee, remember that there is more than just payroll. You must also factor in employee overhead expenses that do not apply to consultants, such as your half of Social Security and Medicare, FUTA, SUTA, and other benefits.
Objectivity: Consultants have no vested interest in existing ways of doing things. They also bring another perspective to the table. Both of these attributes can be valuable, particularly if you're dealing with internal biases or resistance to change. Sometimes just having an idea pitched or endorsed by someone perceived as an unbiased outsider can be useful.
Office Politics: Like it or not, office politics can be a significant factor in business. Fiefdoms are built, friends and enemies made, and bailiwicks guarded. Consultants are not part of office politics and do not have an agenda; they just want to serve their clients. This neutrality can help avoid political conflicts, and, when combined with objectivity, can cut through obfuscation and attempts to derail or co-opt projects. Most consultants have been through this multiple times, and are skilled at identifying, overcoming, or even working around political agendas.
Hiring a consultant is not the solution to every problem and not always the right fit. In many cases, however, it can provide significant advantages in experience, flexibility, cost, objectivity, and impartiality. The next time you find yourself with a project on your hands, think about these factors, and consider whether hiring a consultant might be the right move.
Happy Thanksgiving!
Andrew Nevens
InnerTag
407-949-0106
andrew@innertag.com
www.innertag.com
Virtual Conference Saves Money
By attending a conference virtually, I saved money in more than one way. First, attending via the Internet saved me the travel money. Second, I became aware of an industry trend that has changed how I spend the business money and my time.
In March there was a conference that I was interested in, but my only option was to attend the conference virtually. I would be able to hear some sessions as they happened, and I could listen later to any sessions that I missed. One session that I was able to listen to “live” has proven to be vital.
Since I was attending via the Internet, I missed the personal contact and especially the discussions between sessions. Apparently this particular session caused a lot of controversy, and even anger. When the conference reconvened, a later session was being changed to answer more questions. I realized that I could hear that one live, and I’m glad that I did.
I decided that I needed to know more about this topic and signed on for more information. This meant webinars over a period of several months, and another conference in August. I checked the calendar to make sure that I could physically attend the conference. Through the webinars and the conference I obtained a better understanding of the trend.
In October I was able to physically attend a third conference in my industry. During one session, one sentence was spoken that explained the original controversy. Had I not attended the first conference virtually, this sentence would not have meant much. Now it changes how I spend my time and money. I now have a clearer understanding of the impact of cloud computing.
The virtual conference experience also let me pay more attention to information from other contact tools. My Outlook has become a great tool for checking who I know that may be impacted by a trend or company change. LinkedIn discussion group notices are telling me about input others are seeking. Facebook is allowing me to keep up with the actions of others. Blogs provide me with detailed information on a thought or action.
I have also realized that I am using the “old media” to get more details. The Internet is great for getting one-minute news info, but I like the longer interviews and in-depth topic reporting on some TV networks, and in some of the newspapers and magazines.
With the industry changes, and in this economy, multiple information sources are an asset. Each source is like a piece of a picture. If just one piece is missing, the picture may give a different impression. I am thankful to have the virtual conference as one more piece of the puzzle.
Andrew Nevens
InnerTag
407-949-0106
andrew@innertag.com
www.innertag.com
Count Dracula's Business Lessons
Count Dracula was able to survive for several centuries because he knew how to keep his business “alive”. He followed some rules that any business should use.
Change processes when beneficial. For Count Dracula, the human form was not always the best. He learned to become a bat or wolf when those forms better served his needs. All businesses need to question business processes periodically. We need to adopt new processes when they make us more efficient. Always ask how a new technology, application, or method can help, or hurt, your business. Then determine if, when, and how to make the change.
Learn the new culture. Before traveling to England, Count Dracula studied extensively. He read books and taught himself the language. We should all be learning new communication methods. Applications are available for mobile devices, and we are sending more data to remote sites for better access by all users (Cloud Computing). Quick Response (QR) Codes are appearing in more ads every day. Our knowledge of cultures should be increasing. With several generations now in the workplace, businesses are adjusting to the differences. Knowledge of other countries’ habits, language differences, and holidays is increasing, since work is now spread around the globe.
Observe others. Count Dracula seemed to come out of nowhere, since he did not cast a shadow. He was able to observe the habits and characteristics of others. He then put them to use for his survival. We all need to take time to observe our surroundings. We need to notice the changes around us. We need to note when actions match words. More importantly, we need to note what is not being said and/or done.
Utilize your resources. Our biggest resource is time. Periodically we need to review the time spent on different tasks. Then we can determine if the task should be improved, outsourced, or removed. Count Dracula knew when to use others to perform tasks that he could not handle.
Decide how to handle problems before they occur. In case things did not go well, Count Dracula had an exit plan for England. He also had alternative plans for any part of the escape. We all need to plan for situations before they happen. After a storm or theft, what are the plans for business continuity and data recovery? If a new business process does not work, how do you get back to the previous process and what are the costs?
We all need to change, learn, observe, utilize, and decide about processes that can impact our businesses. These actions help us see the impact of the processes more clearly, and keep our businesses “alive”.
Happy Halloween!
Andrew Nevens
InnerTag
407-949-0106
anevens@innertag.com
www.innertag.com
Cloud Computing: EXPLAINED!
This blog post explains what that term means, and what’s in it for you.
What’s all this buzz about Cloud Computing, anyway? Basically it’s economics. Cloud computing means your Information Technology infrastructure, and all of its associated costs, are removed from your physical control, and moved to … well, let’s just say moved somewhere else. Instead of having servers, databases, backups, and archives physically located in your office, where you have to pay for square footage, utilities, repairs, configuration, and possibly staff, all of those things will be housed and managed remotely.
Isn’t that just the same thing as the Internet? Not exactly. The Internet serves many functions, including broadcasting information (and advertisements), providing communications and entertainment, and supporting a wide variety of commercial applications. When it comes to Cloud Computing, it’s using the Internet as a mechanism to run your own business applications, in a way that can be more flexible, more reliable, and cheaper.
You’ve probably already started the move to Cloud Computing without realizing it. Does your company have a website? Do you host it yourself? If the answers are “yes” and “no”, you’ve already started the transition. Your web hosting company is providing the platform for your website, along with whatever applications it serves up to your customers. They might also handle your email accounts, and at least some of your company’s data. If you use Google Docs, Facebook, Constant Contact, or any online backup service, you’ve already started pushing your company’s vital information into the Cloud.
What about security? OK so maybe your email and some customer information already lives “offsite”. But do you really want to move all your company’s data and primary internal applications? The cost calculation is easy – just look at the price of buying a server, maintaining an internal network, dealing with upgrades, power failures, disk crashes, and so on. Compare that to the monthly fee for cloud services – and also consider that cloud technology is being continuously upgraded, improved, and expanded. The decision ought to be obvious, and inevitable. Still, people often are reluctant to give up control, and they are nervous about a possible security breach.
Well let’s just turn the question around. What makes you think your company’s data is safe now? Are your business servers in a hardened computing facility, with 24-hour staff whose only job is to monitor and safeguard your data?
Like anything else, you get what you pay for. With Cloud Computing, there are lots of options, and security can be ramped up as needed. According to a recent Wall Street Journal article, “… basic security tasks that often don't get done at a small enterprise … are usually part of the plain-vanilla package in the cloud. The more you pay, the more you get: firewalls around your data, high-end encryption, ‘private clouds’ that let you isolate critical information and still access extra processing muscle when you need it, hacker-attack notification and mitigation, and 24-hour tech support.”
OK, so what’s my next move? Look at your current business processes. Take a survey or audit of everything you are currently doing with your company’s computers and servers. Depending on the complexity of your needs, you may be able to migrate to the cloud on your own. Start by reviewing the web hosting package that you are already paying for. It probably includes more capacity and features than you are using, such as databases and customer service applications. Look at what else is available: free options, like Google Docs, and low-end ones, such as Amazon Web Services. See if they meet your needs. Finally, consult with us, your computer networking professional. We can provide you a more comprehensive solution and level of service, at a competitive price, and also help with whatever migration and integration issues you might have.
Good luck, be brave, and head for the Cloud!
Andrew Nevens
InnerTag
407-949-0106
andrew@innertag.com
www.innertag.com
Manual Labor
This month I decided to try and get the webcam working on my new computer. Getting it started became an adventure. I learned new ways to find and understand instructions, and I also learned that tech support can actually help!
When working with a new device, I like to have a printed document with that tells me the functions and what they can do. My monitor came with only a software CD and a one-page “quick-start” guide, showing the front panel buttons on one side and the basic startup steps on the other. Since I grew up with devices doing only one function, this was not enough information.
First, I thought the webcam program might have already been pre-installed on my computer. To check, I just clicked on START. The webcam was listed under programs, so I clicked on it. Now I had a basic screen, but the buttons would not do anything. Obviously I was missing something. I needed a user manual.
Without a printed document, I didn’t know what the next steps were, or even where to go find them. I decided to go to the monitor manufacturer’s site and search for the manual. There it was! I found it! After downloading it, I found the section on starting the webcam.
I learned that I had to load some additional software. It was on the CD that came with the monitor, and luckily I remembered where I had stored it. I dug it out, inserted it, and began the setup again.
The installation process stopped without finishing, for some unknown reason. Don’t you hate it when that happens? I sure do. Good thing that I know how to uninstall a program and start over. The second time through, it worked fine.
Now I thought I was ready to begin. I opened the webcam, but still could not see myself. I was able to see the options on the buttons, and open some other functions and see what they did. But no picture. Then I saw the error message at the bottom of the screen: The webcam was not found.
I went back to the manual. To my delight, I found both the error message and the resolution for it. It said to make sure the monitor cable was connected. I checked the cable and it was fine. I looked at the chart again. I had followed the instructions, or so I thought. But still no picture. Needless to say, by this time I was very frustrated!
Finally I contacted technical support, via the “chat” link on the manufacturer’s web site. After telling them that I had already done everything that they were suggesting, I was escalated to the supervisor. Suddenly the comment was made about a second cable. Second cable? How was I supposed to know about the second cable?
I looked at the monitor setup instructions again. In the lower left corner, in very light print, was a step about connecting the USB cable. I completely missed that step the first time through! After finding the second cable, I turned the computer off, and then connected it. Suddenly the webcam worked!
In a user manual, I think the print should be easy to read – not blend into the background. Pictures should be big enough, and clear enough, to see the details. Maybe reading a manual online is better – then you can always zoom in. But just in case, I now keep a magnifying glass handy.
see ya next blog,
Andrew Nevens
InnerTag
407-949-0106
andrew@innertag.com
www.innertag.com
Cramming: It’s not just for college anymore
"Cramming” is the illegal practice of placing unauthorized charges on your telephone bill. Crammers rely on confusing telephone bills and vague wording to trick you into paying for unwanted services. Charges may be labeled as a service fee, service charge, mail server, calling plan, membership, monthly fee, or other fees on your bill.
How to fight back Here are some tips from the Federal Communications Commission (FCC) for fighting unauthorized charges on your telephone bill:
Carefully read all forms and promotional materials – including the fine print – before signing up for telephone or other services to be charged to your phone bill. Be equally careful if you receive an offer by phone.
Thoroughly review your telephone bills every month. Monitor them just as closely as you would review your monthly credit card bill or bank statements.
Make sure you recognize the names of all the companies listed on my bill and what services they’re providing.
Do not ignore small charges, which can add up to big amounts. Crammers often try to go undetected by submitting $1.99 or $2.99 charges to tens of thousands of consumers.
If You Suspect Unauthorized Charges Ask the company for an explanation before paying when you don’t know what service was provided for a charge on your bill. If you don’t receive a clear and accurate explanation, immediately call the company that charged you for services you did not authorize and request adjustment to your bill for any incorrect charges.
If that doesn’t work, call your own telephone company and request to have the incorrect charges removed. And if that doesn’t work, you can file a complaint with the FCC for charges related to telephone services between states or internationally, or with your state public service commission for telephone services within your state.
Have a nice weekend,
Andrew Nevens
InnerTag
407-949-0106
andrew@innertag.com
www.innertag.com
