InfoBulletin
coopsys.net April 2005

In this issue:

Anti-Spyware special, Motives of virus writers, Develop your IT Skills, Holidays in Outlook, Tracking web downloads


CO-OPERATIVE SYSTEMS



CONTENTS

**** NewsBytes ****
  1. Spyware - living in and off your PC
  2. Anti-Spyware overview
  3. Hacked off: the motives of a virus writer
  4. Developing your IT Skills
  5. Grab a holiday (or two), literally
  6. Q&A: Tracking downloads on your web site

Clicks of the Trade - trying windows on for size


**** NewsBytes **** NewsBytes **** NewsBytes ****
Watch this space!
Changes in our services, Service Level Agreements (SLA) or anything else that will affect you, the client, will be announced first within the pages of InfoBulletin, so do please keep an eye on IB, because we use it as our primary way of making you aware of changes and bringing you up to date. To request a current copy of SLAs, contact us below.
A plateau of chips
Intel, prime semiconductor maker of ever faster processor chips, is to change tack. The giant failed to keep up its past record of doubling processor speed every 18 months, in line with Moore's Law, twice shelving its 4GHz chip plans last year, and itself admits that rapid advances in chip technology are beginning to level off. Now, with the arrival of new CEO Paul Otellini in May, comes a new Intel strategy (with a new label) that will be less one of fabricating one-chip-suits-all speed-monsters and more a case of assembling branded ranges of function-specific chips. The new collections aim to enable products that consumers actually want to buy - viz, video, audio, wireless and security functions. And the label for these collective Lego sets (sorry, 'complete technology platforms') is "Platformisation".
Phishing becomes pharming
Faking a bank's online login to con customers into revealing confidential information just got more sophisticated. Instead of simply displaying a carefully spoofed web page, the latest fraudsters have invented Troj/BankAsh-A, a malicious agent that leaps into action when the computer user attempts to go to one of several online banking sites. The Trojan then automatically hijacks the browser and (spuriously) confirms a logged-in status in the address bar, while the name and password are actually sent to a remote computer for the 'pharmer' to collect. Conventional phishing relied on a flood of bogus emails, but 'pharming' allows Trojans to be planted discreetly on computers and avoids raising user suspicion before the damage is done.
The 64-bit question - answered
April will finally see the launch of Microsoft's much vaunted 64-bit operating systems to run on 64-bit processors. Windows Server 2003 x64 Edition and Windows XP Professional x64 Edition (client) will become available, followed through 2005 and 2006 by 64-bit versions of MS applications, including SQL Server, Exchange, Commerce Server, Microsoft Operations Manager and Virtual Server.
Top 100 world moments
With "Top 100 ..." TV programmes being invented practically daily, it was inevitable that a web site would follow the same trend. Only this time it's a snapshot of our world right now. Every hour, 10x10™ collects the "100 words and pictures that matter most on a global scale", and presents them as a single image, taken to encapsulate that moment in time. "tenbyten" runs with no human intervention, autonomously observing what a handful of leading international news sources are saying and showing.
http://www.tenbyten.org/10x10.html
Phone and surf logs to be stored
The EU's big five countries are pressing for all telephone and Internet activity data to be retained for 12 months, to help combat terrorism. Web site addresses and telephone numbers (though not conversations) would be stored for up to a year and shared as part of an early warning network. There are no set EU standards on how long data should be held currently, but the recording burden would fall on companies. Full story at Financial Times.
ADSL2+ ... the sequel
Broadband users could benefit from a service 36 times as fast as the one most of them have now, if cable firm NTL's recent trials come to fruition. Its tests of ADSL2+ cater for speeds of up to 18 Megabits per second (Mbps) for Internet use and could eventually pave the way for on-demand streaming of high-definition TV (HDTV). BT trials of ADSL2+ are due later in 2005.
Mouse adapter for hand tremor sufferers
Sitting down to a computer, most of us take the provision of a mouse for granted. For sufferers of hand tremors, guiding the cursor around the screen this way becomes impossible. Help has arrived at last in the form of a device that filters out unintentional hand movements resulting in greatly improved accuracy of mouse operation, enabling sufferers to use a mouse normally. The technology for the Assistive Mouse Adapter has been licensed by inventors IBM to British manufacturer Montrose Secam, who sells it directly online or by mail for £65.
www.montrosesecam.com
IT Conference 2005
The Charity Finance Directors' Group (CFDG) is hosting its IT Conference this year along the theme "Closing the Gap", namely between disparate technologies, between the Finance Director and IT experts, between departments and their different requirements and many more such scenarios. The conference takes place on 5 April 2005 at Cass Business School, London EC1.
http://www.cfdg.org.uk/CFDG/it2005.asp
**** end of NewsBytes ****


  1. Spyware - living in and off your PC

Hidden agents on our PCs may be watching our every keystroke. How did they get round our defences?

 

From Cold War to hot action

Spyware can be defined as a program that controls your computer in some manner, but unlike the Windows scheduler or genuine applications like the Disk Cleaner, one that does so with malicious intent.

This is a broad definition, of necessity, because spyware now encompasses many dubious activities such as:
  • browser hijacking - where web searches are hampered by advertising and pop-up ads, 'served' by software agents hidden in the file system;
  • keystroke logging - which records personal information as you type on the keyboard, usually to gain passwords or confidential data like credit card numbers;
  • hijacking browser home pages - where browsers like Internet Explorer are driven by default to particular sites, typically gambling or porn pages;
  • application hijacks - where local PC applications and their icons are twisted to perform different operations, like those for browsers above.

So to address this threat, it is becoming essential not only to have anti-virus (AV) software, but also an anti-spyware (AS) solution to protect your computer.

How did it get like this?

Ad-ded value

Probably the first culprit to convey surreptitious ads was Gator online, sued for selling advertising space on third party web sites without permission.
RealNetworks numbers among the more famous spyware cases. Once installed, its RealJukebox media player allowed the company to track users' listening preferences, apparently to target them with specific music.

Surely we seemed to be doing so well on the protection front?
Aside from glitches like the social engineering techniques used by the "I Love You" virus and, later, polymorphic viruses that self-altered to avoid detection, the new crop of AV startup companies had more or less begun to nail down the virus threat.

Enter complacency.

Viruses were defined as damaging agents that changed your files, or copied themselves to fill up your hard disc, or emailed themselves to your friends. If they were collected by visiting the odd dubious web site and later popped up the occasional ad, then so what? Surely that was just an annoyance.

Meanwhile in another parallel thread, genuine security analysts in the late '90s were developing so-called backdoor tools to investigate how vulnerable current computer systems were. Fine when those tools are used for those purposes. Bad news when the code ends up being published on the Internet.

Combine these two techniques and you have the essence of a stealth mechanism for spyware.

With spam and advertising hardly crossing anyone's alert threshold at this time, anti-virus software concentrated (perhaps understandably) on tangible threats like backdoor viruses and Trojans. Well it seems the vendors took their eyes off the ball in 2004 - some major ones have even admitted as much.

These days the majority of Internet-connected PCs will certainly have some sort of spyware buried on their hard discs, but how easy is it to remove and prevent? We are where we were in about 1995 with anti-virus protection; the tools are reasonably effective, but no single one does the whole job of AS protection.

Apollo The Intermediate Missions

Written and Researched by Aus7in Morris
An illuminating story of modifications to a fuel tank, overload safeguards eventually not sufficient for the nature of the task and minor damage that was overlooked, but was to prove catastrophic to the astronauts' life support system.

Houston, we have a problem

The Apollo 13 space mission illustrates aptly "the seeds of an accident sown some five years earlier".

In the closed-loop environment of space technology development, it is always those that have access to the hardware - that is, the NASA techies and contractors - who will discover the faults.

Contrast that with desktop computer technology where everyone has a copy of the whole code right there in front of them.
Not surprising then, that those who discover the faults, loopholes, flaws, bugs (call them what you will) could be anybody with an aptitude for breaking the rules. Your average kiddy-hacker, hell-bent on destroying corporate web sites and conning bank customers out of their account details, is hardly going to spot the section in the Windows operating system licence agreement that forbids copying, distribution and reverse-engineering of the code and say "Oh nuts, they've got me there!"

In similar vein, the seeds of PC disasters are often sown many years before they mature. Internet Explorer is a favourite target for hijacks and hacks, partly because it is deployed on so many PCs and partly because the application is inherently public; it's an interface to the Internet after all.

Patching and prevention

Fortunately, we are not entirely at the mercy of pranksters, junior experimenters and technical con artists to analyse the flaws in our everyday software.

Dedicated institutions like CERT, NTBugtraq and many security companies root out many of these holes and alert the manufacturer(s) in question (it's not just an issue for Microsoft alone) with a view to fixing it, though there's a heated debate about how soon to go public, whether the manufacturer released a patch fast enough to match the severity, whether they already knew about the problem in the first place, etc.

Pundits have just as many opinions too about the merits of the effort going into mending all this defective software (in the form of patch downloads) versus how much effort it would need to make 'better' software in the first place.

Learn more about spyware.

-IB-



  2. Anti-Spyware overview

A round-up of anti-spyware offerings.

 

The vague definition of spyware, and its association with the arguably less-damaging ad-ware, seems to have caught anti-virus companies on the hop. The result has been a raft of small companies and 'volunteers' stepping into the breach, and a confusing array of tools that don't perform similar functions.

Bogus anti-spyware

The Federal Trade Commission recently shut down the makers of Spyware Assassin, claiming the product didn't remove spyware or gave false alarms.

Adware Report

To make things worse, there have been numerous reports of bogus anti-spyware software that actually does the opposite of its claims, inflicting instead of inoculating, or finding spyware that doesn't exist.

Co-Op sent our Barry Antwi to delve into a well-respected anti-spyware application, partly to determine how usable a piece of software it is, but also because it exhibits many of the features that the best protectors must now include.

One of the market leaders is Spysweeper, developed by Webroot Software. Usually, protection-orientated software protects all of a user's drives by default. However, be aware that Spysweeper only protects the C: drive by default. As a result, a user who has more than one drive may run a scan oblivious to the fact that not all drives are being checked. Scanning of additional drives can be enabled via the options tab, but it would perhaps have been safer if the user were required to deselect any additional drives, rather than select the drives to be scanned.


Spysweeper also has a 'shields' utility. This utility, if used correctly, enables one to define an even higher level of protection. The 'Internet Explorer shield' helps ward off IE browser hijacks. The feature prevents IE favourites being changed, cookies being added (though not switched on by default), as well as your home or default web page being altered. A further shield that can be refined is the 'windows system'. However, this gives access to start-up programs and if the wrong programs are disabled, it could bring a Windows system grinding to a halt. Not really one for beginners!

Where Spysweeper falls down is in its price, asking a yearly subscription of US$29.95 to keep it up-to-date. Furthermore, there are features that, although invaluable, at best wouldn't make much sense to a regular user and at worst could render their system inoperable. While there may not be a comprehensive spyware solution out there yet, Spysweeper does address many of the common instances of spyware, though there are quite a few other competitors that do this for free. So perhaps Spysweeper doesn't quite lead the market enough yet to justify its price.

Among the anti-spy tools that Co-Operative Systems has had good experience with are SpyBot (from www.safer-networking.org) and X-Cleaner (from www.xblock.com). While the latter is now a $40 Pro version (also bundling extra tools like a file shredder), the former is still a free program supported by donations. Like SpySweeper, SpyBot has an option to prevent registry changes, but we doubt that such features are on the whole intuitive enough for the average user to interact with safely.

Standing on the shoulders of Giant

At the beginning of 2005, Microsoft stepped into this fragmented market in its traditional style: by buying an existing player. The anti-spyware provider they chose to 'honour' (or take over) was MS/GiantAntiSpyWare. The MS branding of this 6MB beta trial download was originally slated to finish in May 2005, though the internal information panel (under Help | About) now says the trial of the current version (1.0.501) finishes on 31-07-2005. This may be just to ensure these beta installations self-destruct, rather than risking the continuation of early trials beyond their sell-by date, especially as no charging structure has been announced.

For better or worse, this giant (boom-boom) acquisition will either settle or skew the anti-spyware landscape, in that new Windows-PC purchases may have GiantAntiSpyWare pre-bundled for free, effectively removing the market, or the sheer presence of the Microsoft name may sway anti-spy newbies to go with what they consider a 'safe bet'.
MS has promised AV and AS application offerings by the end of 2005 as well as a more secure version of its Internet Explorer browser. Cynics might say they could have spent more effort on plugging Windows and IE holes in the first place, but it's a move that is generally welcomed.

Certainly the MS/GiantAntiSpyWare is a lumbering but effective beast (though discussion groups abound with comments like "SpyBot found spyware that MS didn't" and vice-versa). It also contains an 'intelligent' fast spyware scan to reduce time, as well as prevention of registry edits, as mentioned above, and the interface is unquestionably friendlier than many competitors - always a Microsoft strength. Look here for a detailed review of MS/GiantAntiSpyWare.

Self-help tools

More tools to look out for are HiJackThis (HJT) and CWShredder - two analysis and removal tools aimed respectively at registry analysis and the tenacious CoolWebShredder threat. Indeed, HJT has become such a ubiquitous utility that many sites and discussion boards will accept your HJT log and analyse it for you, giving pointers to root out the spyware. Find them at:
http://www.spywareinfo.com/~merijn/downloads.html

Prevention

There are some measures that can be taken to avoid the biggest hijack holes, like making Internet Explorer (IE) safer. Implementing this as a group policy will save a great deal of time and is something we can do for clients with FM programmes.

Another alternative is to move to the Mozilla Firefox browser, and while this will side-step all the IE browser hijacks, it won't make a PC resistant to all spyware.

Like all anti-virus products, anti-spyware products are only as effective as their last updates. That means fetching the downloads, often a process that can be scheduled, and keeping your fingers crossed that spyware outbreaks don't reach you before the provider's updates can.

Finally, spare a thought for other people who have far worse problems with leaky Windows and opening ports.

Contacts

-IB-

Acknowledgements: Barry Antwi



  3. Hacked off: the motives of a virus writer

 

Acting up

Anyone who has watched Jamie's School Dinners will have quickly realised (along with just about every teacher and parent) that kids who don't want to do something - in this case, eating healthier food - won't do it just because they're told to. The solutions need to be a bit cleverer than mere orders.

And they will be inventive about working around the rules, like sending others out of school to buy the junk food they are accustomed to living on.

The trouble here is that kids in the computing environment are equally inventive and have an almost unlimited challenge to apply their brains on. Worse, they aren't readily identifiable, let alone within scolding distance.

Hacked off

Just why do hackers do it?

All the world's a stage,
And all the men and women merely players

William Shakespeare - All the world's a stage (from As You Like It 2/7)

Our impression may be that it is bored, 'computer-degenerates' that are to blame - first for viruses and now spyware.

Indeed it takes "Nothing more than the whim of a 13-year old hacker to knock any user, site, or server right off the Internet", an alarming if now-old tale recounted first-hand by Steve Gibson.

In the past decade, the drive for writing viruses and 'malware' was competitive and cliquey, dubious sites containing thinly-veiled hints on how to do it. The stage for this destructive combat was largely the PCs of the world's ordinary guys and gals, connecting their machines to the Internet with gay abandon.

However, the motives these days are wider-ranging.

Of course, there are technically-expert criminal gangs - the ones who disseminate sophisticated Trojans that help capture confidential information, traded at high prices, to break into bank accounts.

But the real crime is blurred by the hundreds and thousands of have-a-go relative beginners who find that the tools for creating malware are now easier to source on the Internet than ever before. The culprits are what most of us would describe as 'normal people' - students, information workers, the person next door. Because in the field of computing and software, everyone is a learner at some level, and the new challenge is simply to discover how things work, make a program do something that you couldn't before.
Comparing results among their peer groups reinforces the benchmarks of 'success' for the perpetrators and the lack of widespread criminal prosecutions and their portrayal as such in the media tends to deflate the possibility of being caught. Furthermore, the detached nature and self-absorbing environment of computing - continually throwing up new goals - blinds these new hackers to the potential havoc they can wreak.

For security experts and skilled programmers, writing malware does not present an interesting challenge and perhaps because of their awareness of the 'interconnectedness of things', their technical morality is more developed, ie 'we don't do these activities precisely because we know it's destructive'.
Never was "a little knowledge is a dangerous thing" a more contemporary summary.

-IB-



  4. Developing your IT Skills

Unsure about the exact nature of your IT skills requirements?
Here's how we can help ...

 

A Training Needs Analysis (TNA) can help identify the precise areas where training may be required. As well as identifying your IT training needs, a TNA has the added value of ensuring that training and development initiatives interface with your organisation's goals and culture - and in so doing, provides a training solution that is specific to your organisation.

Training Needs Analysis begins by understanding the target audience - the people whose roles make your organisation perform. By profiling the target audience and understanding the competencies they must possess, we can begin to evaluate where training needs might exist. Where relevant, we can examine the level of skills already in place and how effective they have been historically. Doing this can often determine whether, and to what extent, a skills deficiency exists. Having determined the training gap, examined how best to close the gap and the implications of not doing so, we can then work with you to define the optimum training solution. The TNA process can best be illustrated by the diagram below:

training Skills Diagram

Here at Co-Operative Systems we can work with you through our existing facilities management service to provide a skilled and experienced analyst who will help identify suitable solutions to close the IT skills gaps you have.

Contacts

  • If this is an issue that your organisation faces, please talk to your FM person or mail ITskills @ coopsys . net

-IB-

Penny Whitfield



  5. Grab a holiday (or two), literally

The outlook to come: holidays all the way!

 

Insert holidays into your Outlook calendar

With a few of those precious public holidays coming up, you may want to bookmark those in your calendar, plan some breaks and so on.

But before you go holiday dreaming, have you realised that, with just a few clicks, you could chalk up the whole year's time off?
In fact, why not go all the way up to the end of 2007?
And maybe add some holidays from other countries and religions while you're at it. It's all the same number of clicks.

Here's how to add holidays into Outlook

  • | Tools | Options menu | Calendar Options button | Add Holidays button
  • Now choose the country/culture/religion whose holidays you would like to add in
    (You can add several options by ticking multiple boxes in one go)
  • Click OK several times to get back

To view

Go to Outlook's Calendar and choose a holiday period, eg Easter.

To see just the holidays, pull down
  • | View | Current View menu
  • Now select "Events" instead of "Day/Week/Month"

To remove holiday entries

To reverse one of these insertions (ie remove holidays specific to a country/culture/religion),
  • View just the holidays (Events) as shown above
  • click the Location bar (to sort by country)
  • Now highlight and Delete as you wish

-IB-



  6. Q&A: Tracking downloads on your web site

Hi Mark,

Some of the smaller items from our publications catalogue are made available as PDFs on our website. How can we gauge how many times these are downloaded? Even better would be to find out who downloaded them - not individuals necessarily, but categories like geographic spread would be interesting to know.

 

Here are two options, ranging from simple tracking to full site logging.

Simple Tracking

To find out how many times articles or pages are downloaded, you could set up a simple hit counter or tracker for a single web page. Various free offerings are available to implement this and you don't even have to know how to write HTML if you take up one that provides the code for you; it's just a matter of pasting the code into your web page.

To distinguish the visits or downloads from each separate publication, you will need to link each one to a web page (that will have the hit counter embedded in it).

Techniques for implementing this might include:

  • setting up the PDF publication link on its own HTML web page, then monitoring how many times that page is accessed, or better still,
  • using a redirect page (with the meta command http-equiv="REFRESH"), that redirects visitors after a couple of seconds to the actual PDF publication page.

The latter is better because people choosing this option deliberately select the article, rather than happening upon the page while browsing the site.

Look through the hit counter providers at the end of this answer.

Full Site Logging

Beyond this, you will need to set up web site statistics monitoring. Then you can employ a variety of techniques.

To set up web site stats, you will need to contact your web hoster, which is often also (but not necessarily) your Internet Service Provider. Generally they will keep the barest stats, but you will need to ask them to "turn on full web logs" - the method that Demon uses, for instance.

Once enabled, these stats will produce heaps of detailed data about visitors (date, time, which pages, where they came from, which browser they used and a whole lot more), often piped to a directory in your web user space simply called "logs\".

One file usually represents each day and they are often compressed after a period into one file per month, to prevent consuming all your hosted web space! Eventually (say after 2 months), the hoster will dump the oldest ones to save space, so it becomes clear that you need to download them at regular intervals to a local PC or server, if you want to keep old records and trends.

All of this raw data is fairly unreadable by ordinary humans (though Matrix geeks wouldn't have any trouble with it), so it needs to be fed into an analyser application to produce charts, etc. There are lots of such analysers, but a good start is the free offerings from Analog and ReportMagic (see Contacts below). These are best used as a pair and need a little configuration first.

Once configured, you can analyse page hits by ranking, the most common search engine words and the top 10 organisations browsing your site, as well as all the basic data mentioned above, neatly arranged into charts and tables, itself in the form of a locally-stored HTML page.

We covered Analog and ReportMagic back in InfoBulletin December 2002.

If you would like Analog and ReportMagic set up by us, it is something we can easily do for you.

Hope that helps,
"Sparky Mark"
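
The counting step that an analyser performs on full web logs, as an added example (it is not part of the original answer and is not Analog's or ReportMagic's code). It assumes the hoster writes NCSA Common/Combined Log Format; the host names, file names and log lines are constructed sample data.

```python
"""Count PDF downloads in web server access logs (added example)."""
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

# Assumption: the hoster writes NCSA Common/Combined Log Format, e.g.
# host ident user [day:time zone] "METHOD target protocol" status bytes ...
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<day>[^:\]]+):[^\]]*\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?:\d+|-)'
)
IPV4_RE = re.compile(r'^\d{1,3}(?:\.\d{1,3}){3}$')

# Constructed sample data: documentation hosts and invented file names.
SAMPLE_LOG = """\
host1.example.co.uk - - [05/Apr/2005:10:15:32 +0100] "GET /pubs/guide.pdf HTTP/1.1" 200 48213 "http://www.example.org/pubs.htm" "Mozilla/4.0"
host1.example.co.uk - - [05/Apr/2005:10:15:33 +0100] "GET /pubs/guide.pdf HTTP/1.1" 206 8192 "-" "Mozilla/4.0"
host1.example.co.uk - - [05/Apr/2005:10:15:34 +0100] "GET /pubs/guide.pdf HTTP/1.1" 206 8192 "-" "Mozilla/4.0"
dsl-7.example.de - - [05/Apr/2005:11:02:10 +0100] "GET /pubs/guide.pdf?src=news HTTP/1.0" 200 48213 "-" "Mozilla/5.0"
192.0.2.44 - - [05/Apr/2005:12:40:01 +0100] "GET /pubs/Annual%20Report.PDF HTTP/1.1" 200 90511 "-" "Mozilla/4.0"
192.0.2.44 - - [06/Apr/2005:09:00:00 +0100] "GET /pubs/guide.pdf HTTP/1.1" 304 - "-" "Mozilla/4.0"
dsl-7.example.de - - [06/Apr/2005:09:30:00 +0100] "HEAD /pubs/guide.pdf HTTP/1.0" 200 0 "-" "Mozilla/5.0"
198.51.100.9 - - [06/Apr/2005:10:00:00 +0100] "GET /pubs/missing.pdf HTTP/1.1" 404 312 "-" "Mozilla/4.0"
host1.example.co.uk - - [06/Apr/2005:10:05:00 +0100] "GET /index.htm HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
this line is truncated or corrupt
"""


def parse_line(line):
    """Return the fields needed for counting, or None for a bad line."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    try:
        # Drop any query string and decode %20 etc. so one file has one name.
        path = unquote(urlsplit(m.group("target")).path)
    except ValueError:
        return None  # request targets are visitor-supplied and can be junk
    return {
        "host": m.group("host").lower(),
        "day": m.group("day"),
        "method": m.group("method"),
        "status": int(m.group("status")),
        "path": path,
    }


def region_of(host):
    """Rough geographic bucket: the top-level domain of a resolved host name."""
    if IPV4_RE.match(host) or ":" in host or "." not in host:
        return "unresolved"  # bare IP address: needs a DNS or GeoIP lookup
    return host.rsplit(".", 1)[1]


def pdf_downloads(lines):
    """Count distinct (visitor, file, day) PDF fetches.

    200 is a full download and 206 is one chunk of a ranged download; PDF
    browser plug-ins fetch a file in many 206 chunks, so raw hit counts
    overstate downloads. HEAD requests, 304 (cached copy) and errors do not
    transfer the document and are ignored.
    """
    seen = set()
    skipped = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        if rec["method"] != "GET" or rec["status"] not in (200, 206):
            continue
        if not rec["path"].lower().endswith(".pdf"):
            continue
        seen.add((rec["host"], rec["path"], rec["day"]))
    per_file = Counter(path for _host, path, _day in seen)
    per_region = Counter(region_of(host) for host, _path, _day in seen)
    return per_file, per_region, skipped


if __name__ == "__main__":
    files, regions, bad = pdf_downloads(SAMPLE_LOG.splitlines())
    for path, count in files.most_common():
        print(f"{count:4d}  {path}")
    print("by region:", dict(regions), "| unparsable lines:", bad)
```

A country-code domain is only a rough proxy for location, and visitors logged as bare IP addresses land in the "unresolved" bucket until the addresses are looked up.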

Contacts

Hit Counters and Page Trackers

-IB-



  Clicks of the Trade - trying windows on for size

--- Quick tips for happier clicks! ---

 


With the increasing sophistication of Windows features, most of us have forgotten that one of the earliest and oldest tricks in the Windows book is the ability to control window size with a quick double-click.

A double-click on the Title Bar switches between Maximum and Restored sizes.


The benefit here is having a nice large bar to aim at instead of the small restore box, sandwiched awkwardly between the Minimise and Maximise buttons.


And a double-click on the size icon closes it altogether.

This is faster than dragging the window to locate the top right-hand corner "X" (close button), if that is out of view.

** try it now **

-IB-




Overview of InfoBulletin
InfoBulletin is written and published by Co-Operative Systems and contains Information Technology tips that we come across during everyday research and support activities and which may be useful in improving your IT operations, either internally or on the Internet.

Opinions expressed within InfoBulletin do not necessarily represent the views of Co-Operative Systems.

E&OE


Viewing IB
This bulletin is presented as a Web page (in HTML) that can be read in any standard browser and most email clients. It is written in a compact format for fast viewing, short download time and ease of use for mobile computers. However, if you prefer to read it by alternative means, you could copy/paste it into your usual word processor or save it as a text file or even print it to be read later - on recycled paper, of course!


Implementation
InfoBulletin topics can be implemented by Co-Operative Systems if required on a chargeable basis or via Facilities Management (FM) for those with rolling work programmes.


Privacy
Under no circumstances does Co-Operative Systems supply lists of customers to other organisations.

Subscriptions
At any time you can change your subscriber address or stop receiving InfoBulletin altogether. Simply reply to the address below giving us your preferences.
If you need to re-direct this bulletin to a particular group or person within your organisation, set a rule in your mail forwarder to trigger on the address: infobulletin@coopsys.net and then fill in the internal address of your recipient(s). Alternatively, redirect this address to an internal public folder, noticeboard or distribution list of users you have set up.
Tell a colleague or associate
Know someone who would like to receive InfoBulletin? Their email to: infobulletin@coopsys.net will return them an invitation and sampler.



Contact details

Sales & Enquiries: 020 7793 0395 team@coopsys.net

Support: 020 7793 7877 support@coopsys.net

Fax: 020 7735 6472
Fax us via email

Web: http://www.coopsys.net


Archives and Index

Read recent and past issues of InfoBulletins on the Web at http://www.coopsys.net/ibindex.htm or search our archives and subject index.


We hope you found InfoBulletin useful! If you would like to comment on any of the articles or request particular subjects to be covered, mail us here.



CO-OPERATIVE SYSTEMS

Interpreting Information Technology