Tuesday, October 26, 2004

Security advice

Not so long ago, I encountered a supposed IT expert who stated categorically to one of my customers that anti-virus software was unnecessary because, in his words, “You only get viruses if you visit porn sites”!
I can assure anyone who reads this web log that what he said is NOT TRUE!
Whenever I look at the log on my e-mail server I can see that a significant number of viruses are intercepted every day.
A very high proportion of “spam” e-mails come complete with a virus, usually but not always as an attachment.
E-mail may be the most prevalent but is definitely not the only means of spreading viruses.
Recent research at the SANS Institute (see footnote) shows that, on average, an unprotected PC connected to the Internet will become infected within 20 minutes. If you have a broadband connection, it's probably more like ten minutes. I have even come across one case where a PC became infected within TWO minutes of its broadband connection being established.
Viruses are not the only problem. Keyboard loggers can steal your credit card details and passwords. Spyware can track each site you visit.

However, it's not all doom and gloom. There are steps that can reduce the risks to acceptable levels.


First of all, make sure that all of the latest security patches are installed for your operating system.
That alone can keep a lot of attacks at bay. It is absolutely essential (and often forgotten) if you ever have to clear up after a virus attack...

Install anti-virus software.


If you are a home user, there is still a FREE program that you can download from Grisoft and it's very effective. The only slight drawback is that it doesn't always update its virus definitions automatically so you would need to update manually at least once a week, preferably more often.
Otherwise, any of the major brands will probably do a reasonable job, at least if you take some other basic precautions.

Install a firewall.


Again, there is still a free version of Zone Alarm that is probably good enough for anyone with a dialup connection.
If you are running Windows XP, and do not have a dedicated firewall installed, at the very least enable the built-in one as it's better than nothing.
I use Agnitum Outpost Firewall Pro throughout my network, even though I have a PC configured as a dedicated firewall.
The dedicated firewall is just an old Pentium 100 running IPCop.
The rationale is that the firewall on an individual PC can stop infection spreading both in the local network and out to the Internet.

As an alternative to separate firewall and anti-virus packages, you can install a combined security package.
I use F-Secure Internet Security on my e-mail server (an old PC). It works very well and has the advantage of updating virus definitions automatically, sometimes several times per day.


Install a spam filter for your e-mail.


Some mail clients have basic spam filtering built-in but there are good, free specialist spam filters available such as K9 by Robin Keir that are more sophisticated and can be trained to identify spam and isolate it.

Install Ad-blocking software.


I use a combination of Lavasoft AdAware (free for home use), SpyBot Search and Destroy (yes these two can co-exist on the same PC!) and finally SpyWareBlaster.
Between them, they wipe out all forms of spyware.

If you have a broadband or even an ISDN connection that is always on, or you wish to share an internet connection over a network, you should consider a proxy server. Not only can you share a single connection but they usually provide extra features such as local e-mail, spam filtering and port blocking. The last of these improves security a great deal. I can heartily recommend 602LANSuite which is free for up to five users.
Setting up a proxy server requires a bit of technical know-how but the results are worth it.

Another useful program from Agnitum is TauScan, a dedicated tool for blocking Trojans, a type of virus that opens holes in the usual defences by attacking anti-virus and firewall systems. This opens the floodgates to all sorts of other viruses.

Finally, I cannot stress highly enough the importance of keeping security software up-to-date.
New threats emerge all the time and if your virus definitions are old, your anti-virus program will not recognise new viruses. It's just like a flu jab. You need a different vaccine for each strain of the flu virus.

And... I nearly forgot to add... Don't forget to back up your data regularly and frequently!


For further excellent advice on security and spam I suggest that you take a look at Julian Knight's website.



SANS is the most trusted and by far the largest source for information security training and certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - Internet Storm Center. The SANS (SysAdmin, Audit, Network, Security) Institute was established in 1989 as a cooperative research and education organization.... Many SANS resources, such as the weekly vulnerability digest (@RISK), the weekly news digest (NewsBites), the Internet's early warning system (Internet Storm Center), flash security alerts and more than 1,200 award-winning, original research papers are free to all who ask.

Thursday, October 21, 2004

And now a Rave!

OpenOffice

The latest edition of PC Pro in the UK includes a lab test of Office Suites.
Surprisingly, the winner was NOT Microsoft Office 2003!

Instead they chose OpenOffice 1.1.2. AND IT'S FREE!

I have tried out earlier versions and have been pleasantly surprised.
The very latest, version 1.1.3, is even better. I'm using it to type up this entry.
It still doesn't have all of the features of the full Microsoft Office suite but it seems to be highly compatible.

One very useful feature is its HTML Document Editor.
It has the great merit of being an intuitive, straightforward WYSIWYG editor that produces clean and simple HTML code.

It is ideal for pages containing mostly text.
Unlike most specialised web tools, it has a built-in spell-checker.

A slightly disconcerting feature resembles the predictive text found on some mobile phones.
Sometimes, when you start to type a word, a completed version suddenly appears.
If that's what you intended to type, just press the Enter key to go on to the next word; otherwise you can just carry on typing as normal.
Apparently, you can turn the feature off (..it just suggested “office”).

Visit www.OpenOffice.org to download a copy for your language and operating system.
Currently supported operating systems are Windows, Linux, Solaris, FreeBSD and Macintosh.

Another rant

A Rant – Honestly it is!


Hooray for Sir Terry Leahy
A quote from Tesco boss, Sir Terry Leahy in today's Daily Telegraph strikes a chord.
“No gobbledegook. No management jargon. Simple thoughts, simply expressed”.

OK it doesn't seem like a rant and I know that it may seem ironic coming from an IT person, but simple clarity is the key to good communication.
Everyone, not just business managers, should learn from it.
Might it even be a good idea to teach such skills in our schools and universities?

I am all too aware that every profession and trade has its own terminology.

For example, who outside the printing industry understands (or these days even remembers) the difference between a Flong and flong?

The point I am getting at is that acronyms may be useful to remember key bits of information but they should never be used in “general” communication.
Or, at least not without a full explanation of their meaning.

The necessary shorthand that we use within the IT industry is totally impenetrable and meaningless gobbledegook to most non-IT specialists.
It alienates our users and potential customers. As such it is totally counterproductive.

Worse still is the plethora of three-letter acronyms that pepper “Managementspeak” and alienate managers from the workforce.
If you ain't talking to your workers in a language they understand, and listening to them as well, you are not managing anything.
And if you put a Customer Relationship Management (CRM) system in place, make sure it focuses on serving the needs of the CUSTOMER rather than flattering the egos of senior management.

Finally, another bugbear - unreadable websites!
Various countries around the world have passed legislation banning discrimination against disabled people. A lot of website designers seem to have it in for all of us, disabled or not. From text indistinguishable from background colours or images to minute text in indecipherable fonts, I wonder what message the designers are trying to communicate because it certainly isn't getting through.
A tip for all website designers, young or old... If your granny can't read it with her reading glasses on, the font size is probably TOO SMALL!

Tuesday, October 19, 2004

First Rant

I seem to be receiving more and more scam e-mails these days and it's seriously annoying!

Generically, they are known as '419' scams after the section of the Nigerian penal code that they infringe.

If you haven't come across anything like this before, they work like this...
Typically, some supposedly "important" person or one of their close relatives tries to persuade you to let them transfer funds out of some third-world country via your bank account in exchange for a significant "commission".
However, as soon as they get hold of your account details, they proceed to clean it out!
As the old adage goes, "If it LOOKS too good to be true then it IS too good to be true"!
My advice is NEVER respond to them.

Even if you are tempted, millions of dollars suddenly appearing in your bank account is bound to raise suspicion.
Partly because of the threat from terrorism, your bank is now legally obliged to notify the authorities of unusual/suspicious transactions.
You would almost certainly find yourself under investigation and the funds frozen.

Until very recently, I always junked these e-mails.
However, on reflection, I decided that as these are serious attempts to commit major fraud, they should be reported to the appropriate authorities.
In the UK, that turns out to be your local county constabulary or failing that the Metropolitan Police Fraud Squad.
If, like me, you are based in Dorset, and you receive one of these e-mails, please forward it by clicking on this link and I will forward it to the appropriate contact within Dorset Police.

First post

Welcome to my blog.
I intend to use it to document some useful bits of information and express my opinions on issues of the day.
The latter will probably be best categorised as rants and raves!

I have recently been involved in developing some new websites. Please feel free to take a look at Precision Productions Ltd, my company website, as well as my on-line digital art and photography gallery - follow the link from andrew-clark.co.uk.