Tuesday, April 22, 2008

Are you ready for emerging threats?

Are you ready for the next wave of cyber attacks? My guess is probably not. How could you if you don't know what's coming?

You see, I have a really bad feeling about the next couple of years, at least as far as the technology field. We will continue to see cyber threats making huge leaps and bounds as malware writers continue to become well funded, organized operations. In the "old" frontier days of spyware, you pretty much only got the really nasty spyware/malware if you went somewhere on the web that you probably shouldn't have in the first place. That's already changing, as we see malware writers are now beginning to target ANY website that they can crack into and place their malware distribution software on. That means that even the knitting blog that your grandmother visits isn't safe anymore. And your uncle's website where he sells fishing lures is now a target, since his website was built three years ago with an e-commerce package that now resembles swiss cheese to a determined malicious hacker. These newer malware packages are also getting smarter about avoiding detection.

I'm not even to the good part yet. Unfortunately Microsoft Windows Vista has been a big flop and proven that it's not really ready for prime time mass adoption. It's unfortunate because it would be a welcome scenario if a larger installed base of users had a more secure operating system and more secure browser. The new Windows Service pack 3 for XP will do some good as far as security goes, but without User Account Control, it still isn't as secure as Vista.

A recent high profile "pwn to own" contest showed us that operating systems are more hardened and less vulnerable than ever before. None of the base operating systems were hacked on the first day. On the second day, hackers were allowed to go after bundled software on the system, such as web browsers. Apple's Safari web browser on the Mac platform was hacked by going to a prepared website where the hacker had prepared an exploit for an unknown vulnerability. The third day the hackers were allowed to go after third party installed software, and the Vista PC was compromised by an exploit with the Adobe Flash player software, a very ubiquitous add on that anyone needs to view most sites on the internet. This showed us that while browsers are still a target, no matter what operating system you are running, common applications running on computers are going to be the next thing that malware writers attack. I know most of you are well trained by now to perform your operating system updates, and web browsers, but are you prepared to keep track of every application that runs on your computer and keep every one up to date? You need to start getting used to doing that now.

So what can the Small Business owner/IT department/Consultant do to prepare yourself for these threats? Enforcing strict user policies and locking down computers so that end users can do the least damage should be high on your list. I know, user will cry and moan, but it must be done. Make no mistake, USERS SHOULD NOT HAVE ADMINISTRATIVE RIGHTS to their local computers. That point is so important, I feel it should be repeated. I repeat, USERS SHOULD NOT HAVE ADMINISTRATIVE RIGHTS to the local computer. More than ever, KEEPING SECURITY SOFTWARE CURRENT is another top priority. Consider ADDING A UTM (Unified Threat Management) device to protect your network, such as the ones made by Astaro. Such a device will allow you to FILTER INTERNET CONTENT, which is a good idea for many reasons, including security.

No matter what steps you take, you can never be 100% secure. But by taking practical steps you can be prepared to face new cyber threats with the confidence that you computer systems are not easy pickings for malware, malicious hackers, or identity thieves.

Tuesday, April 8, 2008

HP USB Keys: You want malware with that?

Apparently some USB keys that are shipping as an optional add-on for HP Proliant server are including some additional "features" that no user will want. This is REALLY bad news, because it is VERY likely that a sys admin would use this key well before he got to the point of installing any security software on the server. Read more here

Thursday, December 13, 2007

Friday, December 7, 2007

Windows Vista: freeware edition?



Microsoft is dumping WGA (Windows Genuine Advantage), and Vista will no longer totally deactivate itself with the release of Service Pack 1 http://www.informationweek.com/blog/main/archives/2007/12/introducing_win.html;jsessionid=2MS2BZUU2WVHWQSNDLRSKH0CJUNN2JVN

Monday, November 26, 2007

Vista listed in the top ten worst comsumer tech products of all time

Is Vista really as bad as one of the top ten worst consumer tech products of all time? You decide for yourself, but personal experience and that of my clients that want to do anything more that check email and surf the web would likely agree. Read the story

Thursday, November 15, 2007

Marketing Your Blog Is More Effective Than Advertising

First of all advertising is a component of the marketing process. You can look at advertising as the end result of marketing.

read more | digg story

Friday, October 26, 2007

Cost vs. Value

Occasionally I'll come across a small business owner that has a hard time understanding the value of a quality Technology Consultant. That's an attitude that normally changes as the business grows and the owner sees that when employees can't get to work that it's worth paying for good quality IT support.

But add to that save money at all costs approach with a cheap consultant you have a recipe for problems.

I've talked with business owners that really think that their last IT support person wasn't that bad. And now they having to pay more for their IT support. They say that hey the other guy didn't charge as much. Perhaps, the other guy was just:

- Unreliable

- Sold pirated software

- Rude

- Incompetent

I know first hand from not only speaking to business owners but also having limited dealings with the former support person and let me tell you, I'm not exaggerating.

So yes, you may pay a little more, but what do you get?

- Reliability

- Integrity

- Courtesy

- Competence

Quality doesn't cost more, it pays in the long run with reduced downtime and more productive personnel. It pays by having robust backup systems in place that protect your business' critical data. Cost in an expense, but Quality is an investment in true value.