IB: InfoBulletin
July 2000
This is the Co-Operative Systems InfoBulletin. It contains Information Technology tips that we come across during everyday research and support activities and which may be useful in improving your IT operations, either internally or on the Internet.
C O N T E N T S
- Reminders: Exploit our experience!
- Send email messages to mobile phones
- How a virus gets into your workplace: the trends & fixes
- Email TLAs & usages
- Laptops lap up support
- ISDN connection failures - be aware
- Your email system is down, but nobody realises !
- Are you practising safe surfing ?
This bulletin is presented as a Web page (in HTML) that can be read in any standard browser and most email clients. It may help viewing if you adjust your frame to approximately A4 size proportions.
However, if you prefer to read it in an alternative viewer, you could copy/paste it into your usual wordprocessor or extract it into a text file or even print it to be read later - on recycled paper, of course!
As always, you can elect to change your subscriber address or stop receiving InfoBulletin altogether. Simply reply to this address giving us your preferences.
Under no circumstances does Co-Operative Systems supply lists of customers to other organisations.
If you need to re-direct this bulletin to a particular group or person within your organisation, set a rule in your mail forwarder to trigger on the address: infobulletin@coopsys.co.uk
and then fill in the internal address of your recipient(s).
For NT/Exchange systems, redirect this address to an internal user or a distribution list of users you have set up.
InfoBulletin topics can be implemented by Co-Operative Systems if required on a chargeable basis or via Facilities Management (FM) for those with rolling work programmes.
Reply to this address or to :
team@coopsys.co.uk
Sales: 020 7793 0395
Fax: 020 7735 6472
E&OE
1. Reminders: Exploit our experience!
REMINDER : IB topics can be implemented
The vast majority of IB topics are 'deliverables today', not science fiction. Usually we can implement these topics with low cost and the benefits that your organisation gains from our pre-assessment are well in excess of cost to you. So don't be timid in implementing them - give us a call and make a name for yourself !
REMINDER : New IT Projects and Sound Advice
Intranets, Extranets, DataWarehousing, CTI and whatever's next - with a user base of over 100 sites and 2000 users, the chances are we have experience of what you'd like to achieve or know someone who is doing something similar. An initial 10 minute phone call can save you a lot of time and cost. Best of all there's no charge for this service.
2. Send email messages to mobile phones
What it does
Talk21 (a subsidiary of BT) have set up a free Short Message Service (SMS) gateway on the Web. The Web site is basically a Web email service that allows you to send messages to any SMS-enabled mobile phone simply by typing in the phone number and your message (up to 160 characters).
Delivery to the phone seems to be pretty instant, although the Web site can get jammed up when it has too many visitors and up to half the (Web mail) screen may be taken up with banner advertising at times.
Benefits
You can alert someone to contact you even if they are in a meeting.
Depending on how they have set up their mobile phone, this may be less intrusive than ringing them direct.
The service is also a normal Web email service so you can read and write ordinary emails too. You get a 4.8MB allocation to store email messages and a spell checker for the stuff you write.
Cost
The Talk21 service is free.
How to make it happen
- Point your Web browser at www.talk21.com and register.
- Login with your username and password.
- Choose "Write messages" at the top.
- Choose the SMS button below.
- Fill in the recipient's mobile phone number (with no spaces).
- Write your message (up to 160 characters, see the counter)
- Hit "Send".
- Check results in right hand window
That's it! Your recipient sees your message on their phone display.
Contact
http://www.talk21.com
3. How a virus gets into your workplace: the trends & fixes
The trends
In 1999, 56% of viruses made their way on to computers from email attachments, 38% on some form of floppy disc, 11% from an Internet download.
Compare this with the 1996 figures of 9% (attachments), 74% (floppies) and 10% (downloads) and you can see that you should be pitting your preventative efforts against the large increase in email-borne viruses - no longer a simple matter of not opening the attachment.
(Due to multiple occurrences, figures may total more than 100%).
Preventative measures
Fortunately, some of the easiest measures to implement are human ones, eg educating your users.
Avoiding the problem altogether
Since many of the viruses and trojans written by hackers (or more correctly 'crackers') are aimed at the weaknesses in Microsoft software, a typical user of a Word, Outlook and Internet Explorer combination on a Windows98 or NT operating system will be at maximum risk compared to one who uses fewer of these applications - it's a fact. However, this solution may not be practical for many users or they may have weighed up the risks versus benefits for themselves.
Refs
All figures from the ICSA Labs 1999 Computer Virus Prevalence Survey.
International Computer Security Association, Inc. (ICSA.net).
4. Email TLAs & usages
What they do
This bunch of Three (and Four) Letter Acronyms were commonly used when email first started because it was important to keep email sizes small. Some of the basic ones have gained acceptance as standard usage.
Benefits
Now you still see them used because :
- they are quicker to type
- they help introduce a degree of politeness or diplomacy
- they now convey 'email expertise' instead of 'nerdiness'
A small sample of email acronyms
- BTW: By the way
- IMO: In my opinion
- IMHO: In my humble opinion
- LOL: Laughing out loud
- TIA: Thanks in anticipation
- <g>: Grin
- [snip]: I've snipped out a passage
Examples:
- You might use or put in a 'smiley' (see below) after making a joke that you don't want to be construed as sarcastic. This can be particularly important in international or cross-cultural conversations!
- It is polite to use [snip] if you are editing out parts of someone else's conversation that are not relevant in your reply; it simply conveys "this isn't the whole of what was said".
- TIA is often used as an email signoff if you are expecting a reply.
Contact
For a more extensive (and nerdy) list see :
http://kb.indiana.edu/data/adkc.html
For a list and explanation of 'smileys' see :
http://kb.indiana.edu/data/ablk.html?cust=12196
5. Laptops lap up support
Whilst most organisations see the benefit of standardisation by using Desktop PCs in terms of much lower ongoing total cost of ownership (TCO), the same rigour does not often apply to laptops.
Laptop benefits
Laptops are perceived as a much more personal item, so end users want light-weight models, inbuilt toys such as cameras and DVDs, and fashionable stainless steel cases.
Laptop drawbacks
However laptops do tend to be much more unique in terms of hardware and software features compared to PCs. A desktop PC from Compaq or Dell would often be more similar in features than two laptops in the Compaq range. The uniqueness of those parts also means that you'll be lucky to find that exact replacement keyboard for your laptop even before the 12-month warranty is up, since manufacturers want to keep their range of stocks low.
With laptops, palmtops and variants becoming increasingly popular, the amount of time required to support these products can become considerable. Support means not just IT staff time, but often hidden costs incurred by the laptop user - perhaps battling to get their toy to surf the net and being reluctant to ask for help and admit that it wasn't as easy-peasy as they promised Accounts it would be. We have even seen instances where pre-installed laptop features prevent CD installation of very standard software such as Office'97.
Summary
The key issue here is striking the correct balance between letting everyone have what they want and the benefits of standardisation. A good rule of thumb is to view support costs as critical and 'sexy' features as a second consideration.
6. ISDN connection failures - be aware
What it does
After having two years of almost zero ISDN failures, we have had several clients in the space of a week whose BT ISDN connections have suddenly failed. An IT journalist for one of the major journals also experienced the same problem and tracked it back to his local BT exchange being geared up for ADSL.
How to check your local phone exchange
You can check whether your local BT exchange is being or has been upgraded by pointing your browser at this address :
http://208.56.203.238/signup/signup.php3
You'll need to type in your organisation's phone number including the full national code.
Contact
If you have a fault or failure, you can use BT's reporting service by either phoning them or filling in a form on-line. Both methods allow you to track the progress of your fault report.
7. Your email system is down, but nobody realises !
What goes wrong
Sending and collecting of Internet mail stops working and several days pass before anyone realises - this has happened to a couple of clients recently. Staff just believe they are awaiting responses or no mail has come to them for a while.
Cost
Ultimately, you could lose correspondents. For some of you, these may also be customers.
How to prevent it happening
In a similar way that you probably have someone to sort incoming post everyday, you should by now have allocated an 'email sorter' (not necessarily the same person) to deal with unforwarded Internet email. Lots of these 'leftover' emails are simply the result of misspelt addresses and so have to be forwarded manually.
As a rule of thumb, your email sorter person should be looking at the mail queues probably once a day. If your organisation has set up, say, a customer-response line based on email (typically enquiries or orders), you may want to do this check more often.
- In MS Exchange Administrator, look at the Queues tab and if there is a problem you will see a list of 'oldish' unsent mail under the outbound queue.
- Likewise in Pegasus Mailsort, pull down File | Review queued mail.
We would recommend that this check be carried out when the daily tape backup is verified.
How to restart MS Exchange server
If MS Exchange server really is 'frozen' (you may not be able to send internal mail either), stopping and restarting the Internet Mail Service under the Services (cogs icon) usually cures the problem.
Go to your NT Server console and click :
- Start | Settings | Control Panel
- Double-click the Services icon
Then, for both of "MS Exchange Internet Mail" and "MS Exchange Transfer Agent" services, do the following :
- highlight the service, click Stop (wait until it stops)
- highlight the service, click Start (wait until it starts)
That's it.
Contact
If the email still refuses to budge, please call our help desk 020 7793 7877 asap.
8. Are you practising safe surfing ?
What it does
This guide gives a series of measures to make browsing the Web safer if you are using Microsoft Internet Explorer version 4.0 and upwards.
Some of the measures are a trade-off between increased protection and a loss of some functionality.
What's the problem ?
A serious vulnerability exists within Internet Explorer (namely the HHCtrl ActiveX control) that allows remote intruders to run programs (possibly malicious ones) on your PC if the intruder can cause a compiled help file (CHM) to be stored "locally". Microsoft has released a security bulletin and a patch for this vulnerability (see below), but the patch does not address all circumstances under which the vulnerability can be exploited. Microsoft have no plans to alter the patch.
The vulnerability exists on any typical Windows PC with Internet Explorer installed with its default settings. The vulnerability may be exploited by remote intruders ('hackers') any time you use Web browsing - it doesn't necessarily require you to use email.
Counter measures
The measures are :
- Only browse 'trusted' Web sites;
- Apply a patch (extra downloadable piece of software) released by Microsoft;
- Change Internet Explorer's configuration;
- Edit the local registry keys;
- Change Outlook's configuration, if you use it.
How to make it happen
- Only browse 'trusted' Web sites.
Very easy, but requires experience. Don't browse a lot of unknown or randomly selected sites. Use trouble-free ones recommended by colleagues or sites you know that belong to established organisations.
Most people visit a small number of familiar, professionally-operated web sites and it's unlikely that such sites would pose any risk.
Put the sites that you visit frequently and trust into the Trusted Zone in Internet Explorer.
- Pull down Tools | Internet Options | Security tab | Trusted sites | Sites.
- Apply a patch (extra downloadable piece of software) released by Microsoft. You should certainly do this. To get the patch visit : http://microsoft.com/technet/security/bulletin/ms00-037.asp
selecting the appropriate version of Internet Explorer.
To read more background (FAQ) visit : http://microsoft.com/technet/security/bulletin/fq00-037.asp
- Change Internet Explorer's configuration.
Easy, but may give you warnings when you browse certain Web sites.
If all 3 of the options a), b) and c) below are set to "Enable" (the default in the Internet Zone), you are vulnerable. Setting any of these to "Disable" or "Prompt" may prevent the exploit entirely.
To change your security zone settings for Internet Explorer 5 :
- Pull down Tools | Internet Options
- Click the Security tab
- Click the Internet icon, then the Custom Level button
- a) Set "Run ActiveX controls and plug-ins" to disable.
Disabling ActiveX controls offers good protection, but also prevents common plug-ins such as Adobe Acrobat reader from running normally. You would have to run them separately. Setting "Prompt" is not recommended, unless you know exactly which plug-in is about to be executed.
- b) Set "Script ActiveX controls marked safe for scripting" to disable or prompt.
Disabling the scripting of ActiveX controls is good protection against this vulnerability but limits the normal operation of many controls used over the Internet. Setting to "Prompt" again generates dialogues but without sufficiently strong warnings.
- c) Set "Active scripting" to disable.
Disabling Active Scripting is perhaps the best solution since it prevents the vulnerability from being exploited and doesn't present you with warning dialogues. Setting to "Prompt" is not recommended, because the warning dialog will incorrectly imply that the action is safe, when in fact it is not.
- Click OK to accept these changes.
- Click Yes to "Are you sure ...?".
- Click Apply and then OK to save and close.
- Edit the local registry keys.
Doing this may give you warnings when you open Help files on your local PC, but you should only do this if you are familiar with registry editing since it controls your PC startup.
The edit involves changing the attributes of the HHCtrl ActiveX control.
Read the full document at the URL given under "Contact" below.
- Change Outlook's configuration if you use it.
Configure Outlook to read email in the Restricted Zone, because an email message may start Internet Explorer automatically if Active Scripting is enabled. You should do this in addition to the changes mentioned earlier.
- In Outlook, pull down Tools | Options
- Click the Security tab.
- In the Secure content section, pull down Restricted Sites instead of Internet.
- Click OK to close.
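The rule given under "Change Internet Explorer's configuration" above can be checked against a registry export rather than by clicking through the dialogs on each PC. This is an added example, not part of the original bulletin or the CERT advisory; it assumes the standard Internet Explorer zone layout (Internet zone stored as Zones\3, URL-action values 1200, 1405 and 1400, with 0 = Enable, 1 = Prompt, 3 = Disable) and uses constructed sample exports.

```python
import re

# Internet Explorer URL-action IDs for the three settings named above
# (standard IDs under ...\Internet Settings\Zones\<n>; 3 = Internet zone).
ACTIONS = {
    "1200": "Run ActiveX controls and plug-ins",
    "1405": "Script ActiveX controls marked safe for scripting",
    "1400": "Active scripting",
}
STATES = {0: "Enable", 1: "Prompt", 3: "Disable"}
INTERNET_ZONE = r"\Internet Settings\Zones\3"

def parse_zone(reg_text, zone_suffix=INTERNET_ZONE):
    """Return {action_id: state} for one zone from a regedit export."""
    settings, in_zone = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):          # a new key section begins
            in_zone = line.rstrip("]").endswith(zone_suffix)
            continue
        m = re.match(r'"(\d{4})"=dword:([0-9a-fA-F]{8})$', line)
        if in_zone and m and m.group(1) in ACTIONS:
            settings[m.group(1)] = STATES.get(int(m.group(2), 16), "Unknown")
    return settings

def audit(reg_text):
    """Apply the bulletin's rule: exposed only if all three are Enable."""
    zone = parse_zone(reg_text)
    # Assumption: a missing value means the default, which the bulletin says is Enable.
    states = {a: zone.get(a, "Enable") for a in ACTIONS}
    exposed = all(s == "Enable" for s in states.values())
    # The bulletin advises against "Prompt" for options a) and c).
    notes = [f"{ACTIONS[a]}: Prompt is not recommended"
             for a in ("1200", "1400") if states[a] == "Prompt"]
    return exposed, states, notes

# Constructed sample exports (not taken from a real machine).
DEFAULT_EXPORT = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1200"=dword:00000000
"1400"=dword:00000000
"1405"=dword:00000000
'''
HARDENED_EXPORT = DEFAULT_EXPORT.replace('"1400"=dword:00000000', '"1400"=dword:00000003')

if __name__ == "__main__":
    for name, text in (("default", DEFAULT_EXPORT), ("hardened", HARDENED_EXPORT)):
        exposed, states, notes = audit(text)
        print(name, "EXPOSED" if exposed else "mitigated", states, notes)
```

The check only reports on the zone settings; it says nothing about whether the MS00-037 patch is installed, which the bulletin recommends in any case.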
Contact
Full document available from: http://www.cert.org/advisories/CA-2000-12.html
Cory Cohen is the primary author of the full document, with some text by Shawn Hernan. Thanks to Georgi Guninski, who originally discovered this vulnerability and who also provided input used in the development of this advisory.
End of InfoBulletin - Co-Operative Systems