|
|
|||||||||||||
**** NewsBytes **** NewsBytes **** NewsBytes ****
What are other charities doing with IT?
Sayer Vincent, Chartered Accountants to the charity sector have now published their ISBenchLearning report. This excellent and in-depth analysis on voluntary sector information systems should be compulsory reading for all those involved in this field. For a copy, or to participate in the next survey, please contact Iain Pritchard at Sayer Vincent: info@sayervincent.co.uk
HP re-invents - itself
The now 3-year old HP/Compaq merger now looks unlikely to have been a marriage made in blue-chip heaven. In February, CEO Carly Fiorina's position was just one of the casualties of her ambition to turn the super giant into a purveyor of low-cost PCs and servers in an already margin-tight, commoditised market. Despite announcing hundreds of high-tech, low-cost new products, the only market area that the company remains truly profitable in is its old traditional one - printers.
Secure IE7, but not for everyone
Among a raft of announcements from Microsoft has come the news that a new Internet Explorer browser, version 7, will go on trial this summer, reversing previous statements that a browser would not be shipped standalone. However, while perhaps acknowledging the inherent IE browser weaknesses, the more secure IE7 will only run on the latest systems, namely Windows XP with the Service Pack 2 update. This caused industry analysts, Gartner, to criticise Microsoft's security strategy as 'lacking vision' and attempting to force users of older platforms to upgrade to get improved security.
Other Microsoft announcements included commitments to provide an anti-spyware service to licensed Windows users (free to personal and home users only) and a consumer antivirus service by the end of 2006. Fees for enterprise versions are likely.
Mike Nash, Corporate Vice President of the Security Business & Technology Unit, also said there would be a Service Pack 3 for Windows XP.
Hacked off - top security concerns
Recent research from Intrepid Consultants Ltd, commissioned by Microsoft,
shows that just 3 areas make up 95% of all security concerns. Those primary areas are viruses, hackers and spam, with viruses accounting for half of this. Of the 6000 people interviewed in small and medium-sized companies, many were drafting in outside help to manage security issues.
Download the "Intrepid Security Research Report" (PowerPoint document, 479KB)
Laptops find new slot
The old PCMCIA card slots we have all become so familiar with in the sides of portable computers are about to be replaced by a faster breed of slots accepting the new standard ExpressCard (designated by an orange hare), coming in 2 widths, 34mm and 54mm.
With a data transfer speed of over twice that of their PCMCIA forerunners, the new PC cards still manage to consume less power and, lacking a separate card controller, will be cheaper to produce; good news for manufacturers who include major players Dell, Hewlett Packard, IBM, Intel and Microsoft.
Auto suggestion?
"Tell us what to do and win a car!"
OK, a car is a slight exaggeration - unless its a banger - but where an introduction leads to a new staff member or a new client or if you have an idea we then use, we always say "Thanks" on an appropriate scale, so do keep those thoughts coming. Contact us.
**** end of NewsBytes ****
| ^ Back to contents ^ | ||||
|
1. Sender Policy Framework (SPF)
| ||||
| More help at hand. All the back issues just a click away |
The biggest trouble with the Simple Mail Transport Protocol (SMTP) that all email currently clients lies in that first word - it's Simple. Ratified in an age of academic nirvana, when altruistic university grads and professors were the only email senders on the horizon and e-commerce wasn't even a twinkle in any business leader's eye, SMTP (RFC 821) performed exactly what was needed to get simple electronic messages from one (friendly) sender to another.
I'm gonna sit right down and type someone an email,
And make believe it came from you, I'm gonna offer you a treat, And hope to sweep you off your feet, A lotta smileys on the bottom, To let me know you got 'em Linda Craig, Jan 2005
Apologies to "Ain't Misbehavin'"
Composers: Joe Young, Fred E. Ahlert Fast-forward twenty years and the majority of global email traffic - over three-quarters in fact - now comprises unsolicited advertising, pranks, 'phishing' hoaxes and porn. Only the collaborative systems like Cloudmark, have had some success and also real time black lists (RBLs), though many of the latter often generate 'false positives', banning genuine mail senders for a while until they can be verified and removed from the list. 
But what if every sender of email had to be verified before their message was allowed to reach its destination? In the last 12 months, significant tests and developments have been made with Sender Policy Framework (SPF), originated by Meng Wong. Formerly called Sender Permitted From, the acronym has persisted and it seems the analogies with Sun Protection Factor are deliberate. How SPF works
In essence, SPF is as simple as this:
Thus, any emails not sent from the machine declared in YourOrg's Policy Document simply fail to arrive at the mail server of anyone complying with SPF. This works because the Domain Name System uses DNS servers to resolve Domain Names (like coopsys.net) into IP addresses, and every Internet-connected machine in the world has one of those. Since DNS channels requests for various Internet services (email, web, etc), every domain must have an MX (Mail Exchanger) record and it is this MX record that tells the email sender (its mail server) where to find the destination server for receiving mail. Reverse this lookup process and - hey presto! - you have SPF. For a simple analogy, consider letter post versus a pair ordinary mobile phones:
Then three come along all at once ...It would be dandy if we just had the one verification standard to stick to. But that wouldn't be very like the real world, would it? There have been several anti-spam initiatives and the forum is littered with the usual forgettable crop of acronyms like DMP, RMX, PRA, MUA, SAV and SPF Classic mode, but the most well-publicised one of these that surfaced in the last year came from, perhaps inevitably, Microsoft, with its Sender ID. Not everyone from the open source SPF community has welcomed Microsoft's Sender ID contribution with open arms. However, most proponents breathed a collective sigh of relief when the SPF supporters and Microsoft last year agreed to work together and merge their respective standards. The emergence of one clear standard for address verification will mean there is a good chance that it will be adopted universally, though that doesn't mean it's all plain sailing from here on. A part of the proposed standard may comprise Caller ID for E-mail, a technology that Microsoft would like to patent, and that would ultimately require that its users to sign a licence, a development that sits uncomfortably with open-source project groups. Does SPF work?Just for a change, the issue may be less of technical argument and more of a PR one, in other words, will people adopt SPF? Those who do take up scrutiny of inbound mail using this technique will see rates of unsolicited mail drop significantly once larger numbers of policy documents are available. There is always the choice of opting mail servers out again at any time. Many large mail forwarders and greetings card sites have volunteered to comply with SPF and so it is already beginning to have an effect on clamping down on spam. An estimated one million domains had already published their SPF records in less than 12 months. Are there any problems?SPF alone won't be a catch-all for spam, just those who spoof domains. A side-effect is that self-emailing viruses that fake addresses will also be caught in the net. The argument then runs that those persistent spammers who continue to send unsolicited mail (from genuine addresses) will then stand out and be easier to identify. However, we are still going to need some content filtering and the end of the day. SPF works because a domain usually sends its mail out only through a fairly small number of servers. However, people who spend time travelling and frequently send mail from different locations, like a hotel or an Internet cafe, will need to keep their policy document updated otherwise SPF-enabled mail servers will refuse their messages. Fortunately, policy documents can be altered online, but it's yet another bit of Internet-dependant maintenance. Contacts
-IB-
|
Good read? Rate this article | ||
| I | B | |||
| ^ Back to contents ^ | ||
|
2. Stopping spam at the Exchange server
Cloudmark's SpamNet approach to clearing inboxes was so successful, they launched an Exchange Edition. Could it mean the end of spam altogether? | ||
| More help at hand. All the back issues just a click away |
Collaborative preventionCloudmark's original solution (in both senses of the word) to fighting spam was called SpamNet based on a simple principle: employ the power of a community of Outlook-installed anti-spam installations to report unsolicited mail and build up a database which itself supplies the checklist for the spam-busting software. The next logical level to implement such an approach was clearly at the mail sever, so that users in medium and large organisations didn't have to do any spam filtering for themselves at all, with huge benefits in terms of staff time saving. We were sufficiently impressed with the new Cloudmark Exchange Edition (CEE) to sign up as a channel partner at the end of 2004 and installations are proving their worth to clients who have taken up CEE. With CEE installations of 50 users, software costs per head are under £12 so payback times can be about 2 months. Cloudmark Exchange Edition (CEE) - the Immune System for Email
By trapping spam at the Microsoft Exchange Server level, CEE allows easy administration and does not require client-side software. It is a solution developed specifically for small and medium-sized organisations. 
The maintenance-free nature of Cloudmark Exchange Edition results in low support costs, requires no IT resources to maintain and works instantly and automatically. This is partly due automatic real-time updates fetched from Cloudmark's one million-strong user community, but also because in its default arrangement no desktop components are required on the user's PC. CEE claims to stop over 98% of spam and we found these levels were easily being reached on some of the more public-facing email accounts without losing the normal emails we all need to conduct everyday business. What happened to SpamNet?The client-only application is still there but has been renamed "SafetyBar" and remains as a plug-in toolbar for Outlook. 
The SafetyBar inside Outlook allows you to un/block individual spams and frauds (that the Exchange CEE misses), shows you how much time/money you have saved(!), and view your 'community rating' (trustworthiness, timeliness, spam caught, etc). Unblock twice gives an Intelligent dialogue "Do you always want to receive email from this sender?" which is very handy for preventing subscriptions from disappearing into the Spam folder. Your rating as it's displayed in the Cloudmark toolbar is based on the timeliness and correctness of your contributions, or blocks and unblocks, to the community via Cloudmark's automated trust system. There are 8 levels of trustworthiness, including negative trust if you have incorrectly treated messages. To gain trust points for instance, be one of the first blockers of a spam and fraud message. Your trust rating will lower if you block emails from valid senders or newsletters you have subscribed to. Contacts
-IB-
|
Good read? Rate this article |
| I | B | |
| ^ Back to contents ^ | ||
|
3. The Home Computing Initiative
| ||
| More help at hand. All the back issues just a click away |
What is it?The Home Computing Initiative (HCI) is a scheme that essentially helps employees to work at home by giving tax breaks on computing equipment. The tax reduction is applied to computers (and other equipment like printers, scanners, modems, discs and peripheral devices, but not Internet access costs) loaned to employees, up to a maximum value of £2500. At the end of the loan scheme, the employer may offer the loaned computing equipment for sale, often at a fraction of its original price. How does HCI work?
Employees and their families get to improve their IT literacy
The initiatives stem from a tax exemption introduced by the Chancellor in 1999. The £500 annual exemption applies to computers loaned to employees as a tax-free benefit. To implement the loan, a salary sacrifice scheme may be used to recover its cost. This salary sacrifice means that the employee gives up the right to receive part of their cash pay in return for the non-cash benefit of computing equipment. To take an example: There is no fixed time period either for time period which computing equipment must be loaned under an HCI scheme or for which a salary sacrifice scheme must run. If the employee decides at any time to return the computer equipment under a salary sacrifice scheme, the non-cash benefit ceases and they should revert to their original gross pay. From a more altruistic point of view, the idea is that employees (and their families) get to improve their IT literacy and individual learning by having computing accessible at home. This means they could be discovering new computing areas such as educational packages, entertainment, photographic projects or designing their own web site. For employers, their aspirations are that workers will receive 'productive learning and skills to solve business challenges, make a greater contribution to the company's performance, adapt more easily to new roles and remain ahead of the competition' - and other similar gung-ho phrases. What are the financial savings?The tax saving for typical basic rate tax payer would be up to 33% (22% income tax plus 11% employee NICs), based on current tax rates or up to 41 % for higher rate tax payers (40% income tax plus 1% of employee NICs). BenefitsThe employer gains because (some of) its employees can work from home thus removing dependency on the employer's office as a place of work. A lower National Insurance charge is a beneficial side-effect for the employer, since the employee spends more time at home. A HCI scheme may also make an employer more attractive to new employees. The employee gains because they can benefit from the latest computing equipment, thus furthering their education and training. They may benefit too by adding flexibility to their lives, for instance to work around child care times. There should be no changes in the employee's working conditions unless otherwise separately agreed with the employer. The computing equipment on loan may be used by family members too. The government (with its support from the TUC and CBI) gains by fulfilling its mission of widening individual learning, helping people to realise their potential, both inside and outside the workplace. After numeracy and literacy, core ICT skills are a key requirement, being used in three-quarters of jobs currently and rising to 90% of all new jobs. DrawbacksOnce the employee is in the loan agreement, say 2 or 3 years, they have to stick to it; under rules set by Inland Revenue, they cannot revert back to their original salary until either the loan or their salary sacrifice period has finished. Should the employee leave their job during the loan period, they may be able to agree to buy it, but the sale price wouldn't be tax free. This latter option, however, cannot a be in the terms of the original agreement, otherwise that would constitute a Hire Purchase Agreement and would not count under HCI. Because the loan of computing equipment by an employer to an employee constitutes a consumer hire agreement, it is regulated by the Consumer Credit Act 1974 and employers therefore need to be licensed. The good news is that the Office of Fair Trading have issued an HCI Group Licence Pack for employers starting HCI schemes to avoid having to apply for each licence individually. How small can your office become? HCI is not something that can be applied to all employees; if you need an address for deliveries, a location for meetings, or a space that conveys a genuine presence to the outside world - rather than those virtual receptionist numbers that project a bland, synthetic environment to callers - it often makes sense to provide all of those essentials in one office. Furthermore, hiving out employees wholesale to their homes isn't the name of the game and is not allowed to be the reason for a HCI. Unless the employer is envisaging dramatic reductions in the size of office space (hence rent), or a change in the nature of the work, the result would simply be a lack of employee interactivity. It's easy to underestimate how the 'buzz of the office' contributes to getting the daily tasks done with the right priorities. What about IT support?This could be a considerable issue for those working from home for the first time, especially where employees are not used to computer troubleshooting. Contacts
-IB-
|
Good read? Rate this article |
| I | B | |
| ^ Back to contents ^ | ||
|
4. Removing the "About:Blank" virus
The "About:Blank" seems to have risen to the top of the dirty dozen pile of browser infestations in the last few months. Here's the cleanup. | ||
| More help at hand. All the back issues just a click away |
What is it?This is yet another in the steady stream of Internet Explorer browser hijacks. Setting the browser start page Normally, you can set the default start page of your browser to a link that you like or to a blank page. Tools menu | Internet Options | General tab | Home page | "Use blank" button Tools menu | Options | General tab | Location | "Use blank page" button These actions simply write the text "about:blank" into the start page entry. In this case, the malicious software (malware often 'caught' through a virus-infected email or by visiting a dubious web site) forces the IE start page to the universal standard for a blank page - the "about:blank" link. These hijacks have been notoriously difficult to remove by users familiar only with anti-virus scanners. Even many so-called spy sweeping utilities say they have removed the problem but it just comes back! The source of the problem are the troublesome .dll files hidden in registry. What's the cure?You may find one of these rids your PC of the "About:Blank" hijack:
Secure your Internet ExplorerSince many hijacks attack the exposed underbelly of Microsoft's Internet Explorer, it makes sense to ensure this application is protecting itself, which can be done quite simply:
|
Good read? Rate this article |
| I | B | |
| ^ Back to contents ^ | ||
|
5. Home and work: the storage divide
| ||
| More help at hand. All the back issues just a click away |
Internet email and remotely-accessible drives have been the holy grail of the virtual persona. Now you can get it all for free and separate personal lives from working ones.
What happens when a new employee starts? Typically, they get an account on the local area network, an email address and some storage space. Right away they are emailing friends and using up that space for personal and 'home work' files. A colleague sends an email with a "Try this online shopping invitation". The new recruit signs up for it with their organisational email address (newvol@YourOrg.org.uk), but what happens when they leave? Result: The special offers and shopping promotions still come flooding in to their address. Better if they had signed up with an email they could continue using elsewhere. Storage Josey arrives at YourOrg as a part-timer, but also works outside on a community music project and is responsible for all the project photos and brochures and music samples. She drops most of the PhotoShop layouts, Jpeg photos and MP3 samples into her private space on the network as a convenient resting place, thereby consuming vast quantities of disc space not really related to YourOrg at all. Result: Uncomfortable clashes with the IT dept ("we haven't got this kind of space!"), her manager ("we should allow people to pursue other skills") and possibly colleagues ("why can't I do that?"). SolutionsNow you could slap a restrictive policy on this sort of behaviour, indeed your organisation may already have one like this in its IT Acceptable Use Policy. However, it's far better to provide alternatives. Why not allow, nay encourage, your users and employees to separate their home and work lives and provide them with simple means to achieve that?
How to implement itSo you have all these useful utilities to steer people away from using up precious network disc space resources, but is it going to be a case of willing disciples or wild horses? Assuming the worst, we'll stick with the 'horses' scenario, and appropriately enough, apply a fairly juicy, crisp carrot, backed up with a firm-but-fair stick. When a new user gets their account and general induction notices, notify them of their new email account and file space and also its restrictions, in the form of your Acceptable Use Policy (The Stick), but also promote links to your chosen solutions (The Carrot) like the ones mentioned here, to encourage them to carry on their extra-curricular activities, but in a legitimate space and reclaim the bona-fide IT resources intended for YourOrg's use. Contacts-IB- Acknowledgements: Mike Strickson |
Good read? Rate this article |
| I | B | |
| ^ Back to contents ^ | ||
|
6. Windows Eggs-Terminator
Just a bit of yoking around. | ||
| More help at hand. All the back issues just a click away |
A mild, non-violent, 'UU-rated', one-level, non-Real-Time Strategy game called Splurge, in which you splatter virtual eggs and chocolate over your screen. Choose from an array of Splurge gadgets: Splat-o-Choc, Egg Launcher and Choc-o-Chicks (a favourite this one, that leads to a desktop full of chicks running riot). Best with sound on for full effect! There's even a "Milkeraser" to clear up the mess. Benefits
In realityA shameless promoter for Cadbury's products, but quite a good one really. A 2MB game you can easily carry around on a memory stick, assuming it holds your attention for longer than it took to download. Put it in your public Fun Folder, to save everyone downloading it separately. Contacts-IB-
|
Good read? Rate this article |
| I | B | |
| ^ Back to contents ^ | |||
|
Clicks of the Trade - Excel's quick calculator
--- Quick tips for happier clicks! --- | |||
| More help at hand. All the back issues just a click away |
-IB-
|
Good read? Rate this article | |
| I | B | ||
^ Back to contents ^Overview of InfoBulletin Opinions expressed within InfoBulletin do not necessarily represent the views of Co-Operative Systems.
E&OEViewing IB Implementation Privacy |
Subscriptions ^ Back to contents ^Contact details
|
|
|
Read recent and past issues of InfoBulletins on the Web at http://www.coopsys.net/ibindex.htm or search our archives and subject index.
We hope you found InfoBulletin useful! If you would like to comment on any of the articles or request particular subjects to be covered, mail us here.
| ||
