IB: InfoBulletin
October 2000
This is the Co-Operative Systems InfoBulletin.
It contains Information Technology tips that we come across during everyday research and support activities and which may be useful in improving your IT operations, either internally or on the Internet.
C O N T E N T S
- Web banking - what does it offer ?
- Using and choosing passwords
- Free disc space on the Internet
- Scroller mice transform your window control
- Dialling Freeserve through an exchange
- Intel recalls 1.13GHz Pentium IIIs
- Outsourcing v. hiring IT staff
- Patch fix for Internet Explorer's "cache bypass" vulnerability
- Rent MS Office - Microsoft set to launch ASP scheme
- Outlook security headaches - ILOVEYOU (not)
- Online shopping fails to deliver
This bulletin is presented as a Web page (in HTML) that can be read in any standard browser and most email clients. It may help viewing if you adjust your frame to approximately A4 size proportions.
However, if you prefer to read it by alternative means, you could copy/paste it into your usual wordprocessor or save it as a text file or even print it to be read later - on recycled paper, of course!
As always, you can elect to change your subscriber address or stop receiving InfoBulletin altogether. Simply reply to this address giving us your preferences.
If you need to re-direct this bulletin to a particular group or person within your organisation, set a rule in your mail forwarder to trigger on the address: infobulletin@coopsys.co.uk and then fill in the internal address of your recipient(s).
For NT/Exchange systems, redirect this address to an internal user or a distribution list of users you have set up.
Under no circumstances does Co-Operative Systems supply lists of customers to other organisations.
InfoBulletin topics can be implemented by Co-Operative Systems if required on a chargeable basis or via Facilities Management (FM) for those with rolling work programmes.
Reply to this address or to :
team@coopsys.co.uk
Sales: 020 7793 0395
Fax: 020 7735 6472
E&OE
1. Web banking - what does it offer ?
What is it ?
In short, 24-hour banking from a PC. Log in to the Web site of your bank and check your balances, transactions, payments, transfers and order stationery. We have hooked up to NatWest's site and are using their business service as a trial.
Benefits
- Generally saves on bank charges as it is the cheapest way to make payments - less than half the price of cheques
- Saves time - maybe? (see Conclusions)
- For businesses, this facility is now available from High Street banks - no standing charges, but you pay for your time online
- You still receive statements, cheque books and have access to a bank manager in the same way as before, so it runs as an add-on to your existing account
- Do your finance from home
Drawbacks
- Debts are paid out of your account instantly and straight into the crediting account (as opposed to praying that a certain supplier won't cash your cheque for a while!)
- You may need to rethink record keeping as you won't have handy books of stubs for these online payments
- You still need to send advice slips out to people, so no savings on postage
- Sometimes your debtors may experience a delay when you are trying to match electronic payments to the accounts that they are actually paying. Since you now have paper and electronic payment sources to deal with, you must get your own in-house accounts to correlate, otherwise you will end up sending out demands for invoices that they have already paid. And vice-versa for your creditors who use Web banking of course.
Since the money 'magically' appears in your account/bank statement, forgetting to allocate it becomes too easy. Receiving a cheque, on the other hand, prompts you to do something with it in order to get paid, so you are more likely to process it.
- Think about security issues. Knowing your account password gives anyone an all-or-nothing security status - they can do pretty much anything online, including setting up accounts for beneficiaries and new accounts - this doesn't need extra verification 'by the boss' as is usually the case with paper. The golden rule is "Don't log on to the site and then leave your PC unattended!"
What do you need ?
NatWest's minimum specification is :
- a PC with a 486 processor,
- 16MB RAM (Windows 95/98) or 24MB RAM (Windows NT),
- a 28.8 Kbps modem connection to an Internet Service Provider,
- Windows 95/98/NT4,
- a Web browser (Internet Explorer 4.0 with service pack 2 or above or Netscape Navigator 4.1 upwards).
Simple banking access software is downloaded from the bank's Web site.
You only need very basic computer literacy.
How to make it happen
Contact your chosen bank and make sure they offer the service. Complete the online registration and you will be supplied with an online ID and just have to choose a password.
Conclusions
For a small company, it's debatable as to whether Web banking is any quicker than writing cheques by the time you've confirmed entries and entered passwords. At this level, one person is trusted with handling financial matters and human interaction takes care of many anomalies.
However, Web banking also forces a larger organisation into the position of possibly making one person responsible for finance, bearing in mind that they can also do all the business banking from home. If several finance people are involved, they have to be trusted to understand and execute all transactions and co-operate with each other, since access levels to all accounts are the same.
You have to think hard here - it's a tricky one.
Contacts
In our own example, NatWest have recently started this service for smaller organisations.
HSBC will join in early 2001.
Barclays and Lloyds TSB have already been doing it for a while.
Egg and First Direct do not offer business banking (at time of press).
[Thanks to Nyree Hughes for research]
2. Using and choosing passwords
No doubt everyone in your organisation is accustomed to using a login and password, but what happens when they're away? A frantic hacking session by colleagues to get to their data or email ... sound familiar? Apart from being an absolute security no-no, this attempt at retrieving information is extremely inefficient and can generate more IT problems in the aftermath of the hack-fest than it solves in the short-term.
Solutions
The old problem of security versus access can be overcome by setting up sensible 'sharing' arrangements both for data and email systems; these are the classic functions of a systems administrator or IT manager. Thus, when staff are away on holiday or on sick leave, others can pick up their work 'transparently' without having to take or request extra measures.
- Sharing file data
Users need to be able to share documents and file data. You should provide drive mappings to commonly-used areas of your server, eg map a drive G: (G for "groups") to say \\ourserver\work\ and decide which users have access to change files or merely read them. Staff should be encouraged to move their own documents-in-progress from their private space (say H: drive) into the G: drive (or wherever), once those documents begin to become relevant to a group or department.
You can implement the appropriate file and folder permissions :
- on Windows NT server, by using Explorer, then Properties and clicking Permissions
- on NetWare 4.x servers, by using NetAdmin | Manage objects | (select group) | View/edit rights
- on NetWare 3.x servers, by using Syscon | Groups | (select group) | Trustee Directory Assignments
- Email
Most mail systems are capable of redirecting email to other accounts and also providing automated replies (holiday/vacation response or out-of-office type messages) and these can all be employed to obviate 'email-hacking' when people are away. Get those people to inform you first or teach them how to set up these responses themselves.
An even better solution is to use notice boards (Pegasus) or public folders (Exchange) in combination with groups. So, for example, set up your external email address "enquiries@yourorg.co.uk" to be routed internally to a public folder or notice board called "Enquiries" which can be read by group "Everyone" and handled/deleted by a group "Info".
So all staff can read incoming email enquiries to "enquiries@yourorg.co.uk", but only people in the Info department carry out the shared task of dealing with it - preferably on a rota basis.
- Databases
Most databases have their own administration systems (using extra passwords), so that access can be applied only to certain groups. However to begin with, it is better to make reading access unlimited so that users can at least view that "Contacts" database you may have set up and get used to using the database application.
How to choose a password
In advising users to choose everyday passwords for an internal network, applying mnemonics gives the easiest and most secure solution: think of an acronym or phrase mnemonic you can remember easily and try to embed numbers, uppercase and lowercase letters in it, eg "Harry Potter and the Goblet of Fire" yields "HPatGoF".
If this method generates a password of less than the recommended minimum 5 letters, you can extend it by stringing together book or film titles, eg "Four Weddings and a Funeral" and "Toy Story 2" yields "4WaaFTS2".
Passwords you should not use
Don't under any circumstances use :
- the word "password"
- words shorter than 5 characters
- your username (many systems won't allow this anyway)
- repetitions of short words like "dumdum"
- your organisation's name or its initials
- your organisation's address details or postcode
You get the general idea: anything that is easy to guess by outsiders is out.
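An added example, not part of the original bulletin: a small Python check that builds a mnemonic password the way the two examples above do and rejects candidates on the "should not use" list. The function names, the number-word table (inferred from "Four" becoming "4"), the exact-match comparison and the sample organisation details are all assumptions made for illustration.

```python
import re

# Number words replaced by digits, as "Four Weddings..." gives "4WaaF" (assumed rule).
NUMBER_WORDS = {"zero": "0", "one": "1", "two": "2", "three": "3", "four": "4",
                "five": "5", "six": "6", "seven": "7", "eight": "8", "nine": "9"}
MIN_LENGTH = 5  # the bulletin's stated minimum


def mnemonic(*titles):
    """Join the initial of every word in the titles, keeping its case."""
    out = []
    for title in titles:
        for word in re.findall(r"[A-Za-z0-9]+", title):
            if word.isdigit():
                out.append(word)                        # "2" stays "2"
            elif word.lower() in NUMBER_WORDS:
                out.append(NUMBER_WORDS[word.lower()])  # "Four" -> "4"
            else:
                out.append(word[0])
    return "".join(out)


def is_repetition(text):
    """True when a shorter unit repeated fills the whole string, eg 'dumdum'."""
    s = text.lower()
    for size in range(1, len(s) // 2 + 1):
        if len(s) % size == 0 and s[:size] * (len(s) // size) == s:
            return True
    return False


def org_tokens(org_name, address_lines, postcode):
    """Strings an outsider could guess from the organisation's public details."""
    words = re.findall(r"[A-Za-z0-9]+", org_name)
    tokens = {"".join(words), "".join(w[0] for w in words),
              postcode.replace(" ", "")}
    tokens.update(words)
    for line in address_lines:
        tokens.update(re.findall(r"[A-Za-z0-9]+", line))
    return {t.lower() for t in tokens if len(t) >= 2}


def rejections(candidate, username, tokens):
    """Return the reasons a candidate breaks the bulletin's list (empty = ok)."""
    norm = re.sub(r"[^a-z0-9]", "", candidate.lower())
    reasons = []
    if norm == "password":
        reasons.append("is the word 'password'")
    if len(candidate) < MIN_LENGTH:
        reasons.append("shorter than 5 characters")
    if norm == username.lower():
        reasons.append("same as username")
    if is_repetition(norm):
        reasons.append("repetition of a short word")
    if norm in tokens:  # exact match only; a stricter policy could match substrings
        reasons.append("organisation name, initials, address or postcode")
    return reasons


# Constructed sample organisation and user, not real data.
SAMPLE_TOKENS = org_tokens("Example Trust", ["12 Sample Road", "London"], "AB1 2CD")
SAMPLE_USER = "jsmith"

if __name__ == "__main__":
    candidates = [mnemonic("Harry Potter and the Goblet of Fire"),
                  mnemonic("Four Weddings and a Funeral", "Toy Story 2"),
                  "password", "dumdum", "jsmith", "ET", "AB1 2CD"]
    for c in candidates:
        problems = rejections(c, SAMPLE_USER, SAMPLE_TOKENS)
        print(f"{c!r:12} {'ok' if not problems else '; '.join(problems)}")
```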
Protecting supervisory accounts
For internal networks that also connect to the Internet, you need to clamp down seriously on the "Admin" or "Supervisor" login, since this account secures access to your whole fileserver - programs and data. At least employ the above mnemonics method or just use some random numbers and letters that make no sense.
If your network has an 'Always-On' connection (leased/private line, ADSL), your network is permanently exposed to the Internet, so security is even more important. There is a good case here for employing a password generator program (see below). Aside from attempting to guess passwords, malicious outsiders can employ utilities (like "Crack" and "John the Ripper", easily available on the Net) that can crack many passwords in a matter of minutes - assuming they can get to your fileserver.
For Windows NT systems, an ideal password length is 7 characters, since this is the basic encryption module length. A longer password than this is not necessarily more secure, especially if it's made up of 2 words where one word gives a clue to the other, eg "backinggroup".
Contacts
Call us if you have password security problems on 020 7793 7877. We can help you create better access for your users while maintaining optimum network security.
Password generators on the Net:
A simple online password generator operated with one click.
A downloadable generator with simple admin which records users and the passwords you assign. Evaluation version.
Many more advanced generators including freeware versions which can produce hundreds of passwords at a time using different algorithms.
A generator for Psion portables.
3. Free disc space on the Internet
What it does
Freedrive gives you a private space to store your own files on the Internet. You get into your space by logging in with a password from any Web browser.
Up/download files from PC to Web.
Benefits
- You get a 50MB allowance of free disc space (equivalent of 25,000 pages of plain text or 36 floppies)
- No setup is required, so it's useful if you're on the move a lot
- Store your files in one place. It's easy to upload and download files with a drag&drop from/to any computer with a browser. Make sub-folders or directories within your space to organise files
- Share your space with other Freedrive users by giving permissions on your chosen directories. No setup needed on their part and files are not duplicated so there is no extra loss of space allocation. You can use your publicly-declared share space as a link on your Web site.
- An indicator gauge shows how much of the 50MB you have used up
Drawbacks
- Only 6 files can be uploaded at a time and without a facility to do whole directory structures this can be quite slow.
- The ultimate in portability has a price: Freedrive relies entirely on Internet access which, although as near to hand as any cybercafe, will always cost you money to get to your info - as opposed to keeping your info on a LAN
Cost
The only cost is what you pay for online access.
How to make it happen
Go to freedrive.com and register to get your account by choosing an id and password. Use these to login and see your new empty drive.
Contacts
Web: www.freedrive.com
4. Scroller mice transform your window control
What it does
A scroll mouse has a centre wheel between the 2 clickable buttons.
This wheel effectively takes control of the scroll bar at the side of a window.
Benefits
- Scroll up and down through all of your Windows panes (and most picklists too) without moving your hand to the scroll bar. While this otherwise sounds like a minimal effort, it could help to reduce RSI-type problems for those who do a lot of mouse work, eg DTP and layouts
- The degree of control from the mouse wheel definitely improves the speed and accuracy with which you can position your cursor in the window
- Less mouse movement means less maintenance to the mouse ball and rollers - the most common parts needing attention. (See June 2000 InfoBulletin for simple steps on mouse maintenance)
- The scroller wheel itself is clickable and gives you a useful function to read documents (a better alternative to spinning the wheel).
- To toggle it on, click the scroller wheel once in, say your word processor (new arrow cursor appears).
- Now you can scroll up and down your document just by moving the mouse. The reading speed is proportional to your vertical movement: a small move gives a good slow reading speed, a big move gets you straight to the top or bottom of your file. Reading like this is definitely easier on the eye than any other continuous scrolling method.
- To disable scroll, click any button.
Spinning the wheel works all the time as well as in scrollable lists.
Cost
Little more than a conventional mouse and anyway it's always handy to have spares. Just contact us for prices, phone 020 7793 0395.
5. Dialling Freeserve through an exchange
What it does
If you dial up a 'free' Internet Service Provider (ISP), eg Freeserve, you must have "caller-ID" enabled on the phone line. The ISP will refuse the connection if the number shows up as having been withheld.
How it works
Such 'free ISPs' make their money on a percentage of the phone calls by their customers who dial up for Internet access; to prove they have earned their percentage (from BT) they use caller-ID to identify incoming calls.
If your organisation's line or number is ex-directory, then it normally has caller-ID disabled as well. This can also be the case with numbers dialled through a private exchange (PABX).
How to make it happen
To temporarily turn on caller line identification (CLI) for Internet calls, prefix 1470 to the dial up number - usually in your modem dialler. This is the prefix for BT lines; other telephone companies may have different prefix codes.
However, some telecom companies' products do not provide CLI. For example, old Cable & Wireless digital switchboards do not generate CLI on the whole, so prefixing extra numbers will not help. The only solution in this case is to use (or have installed) a direct outside line for your modem.
[Thanks to Asif Johar, Manji Kerai, Tony Benjamin and Andrew Brooks for research]
How free is it?
At the beginning of October, Freeserve announced they would bar users who abuse the "unlimited" aspect of Freeserve Unlimited. They say a small number of their subscribers are using their dial-up account to keep their businesses connected to the Internet or running online games for an average of 16 hours a day. However, the Freeserve agreement does not give an exact limit to the amount of time users can stay logged on.
World Online and Breathe have both set limits on their flat-rate packages, and Breathe has barred 500 subscribers for excessive use.
Another pioneer of free Internet access, CallNet, is being wound up as a result of being sued by creditors dissatisfied with CallNet's financial position.
6. Intel recalls 1.13GHz Pentium IIIs
What's happening?
Intel is recalling its 1.13GHz Pentium III chips because of a problem that could cause some applications to freeze.
Although Intel is working with its PC manufacturer customers to recover all 1.13GHz Pentium III processors shipped so far - only IBM having shipped significant numbers - not all of these chips exhibited the problem.
The chip shipped on 31st July and future versions will be repaired within about 2 months.
Contact your PC vendor for a replacement if your PC has this version of processor.
Industry analysts are saying that the fault may be a result of racing to compete with chip maker Advanced Micro Devices (AMD) who have recently announced that suppliers are shipping PCs with its 1.1GHz Athlon chip on board, putting Intel at a competitive disadvantage.
This also signals the end of life of the Pentium III series with Pentium 4 coming to suppliers by the end of this year.
Contacts
Web: More details
[Research: John G. Spooner, Ken Popovich, Mike Magee]
7. Outsourcing v. hiring IT staff
What's happening?
Trying to hire an IT manager? The skills are diverging. Chances are you'll need a Web editor and a database administrator as well as an IT manager to keep things going.
What it does
Outsourcing is becoming increasingly popular among commercial firms as they try to free themselves from mundane IT management tasks and concentrate on their core functions.
Now there is a choice: when hiring becomes difficult they can outsource their entire IT operation or just choose to outsource certain sections, eg desktop management, to various suppliers, and keep other IT functions in-house.
Selective outsourcing is the key.
Benefits
Co-Operative Systems is a great believer in the value of outsourcing IT functions - yes, it does provide us with an income stream, but when handled properly it is much more efficient than doing many of your tasks in house. Human beings have increasingly outsourced everything in the last two hundred years: compare the ease of going to a restaurant to growing and preparing your own food to reproduce the same meal. Outsourcing generally makes life easier.
The key to successful IT outsourcing is managing the process properly - working with the supplier to agree which tasks should be outsourced and regularly reviewing the quality of the work done. Keep in-house your core functionality, eg: database design outsourced, but data administration and manipulation in-house.
Selective outsourcing allows you to concentrate on the areas fundamental to your organisation while making cost savings on the routine areas where you lack the appropriate skills.
Contacts
Do call Philip Anthony (020 7793 0395) if you want to discuss suitable outsourcing for your organisation.
8. Patch fix for Internet Explorer's "cache bypass" vulnerability
What it does
Microsoft has released Microsoft Security Bulletin MS00-046, which has a patch for the "Cache Bypass" vulnerability in Internet Explorer.
You are strongly urged to read the bulletin and apply the patch (see below).
What is the "Cache Bypass" vulnerability ?
By exploiting this vulnerability in your Microsoft browser, an attacker can use an HTML-formatted message to read certain types of files on your machine. The attacker could also possibly store files or execute their own program code on your computer.
They use the vulnerability to store files outside the cache, eg the "Local Computer Zone" (where file security is not under the control of the "Internet Zone" part of Internet Explorer). The "Local Computer Zone" is typically very permissive; you can see this by :
- double-clicking the "My Computer" icon;
- right-clicking C: drive and selecting Properties | Sharing tab
You will typically see "Shared As", Share name=C, Name=The World, which has Full Access rights. You can change this with the Edit button.
Systems affected are those running Microsoft Outlook Express 4.0, 4.01, 5.0 or 5.01 or Microsoft Outlook 98 or Outlook 2000.
How to make it happen
The Microsoft Security Bulletin MS00-046, which points to a patch for this vulnerability is at : http://www.microsoft.com/technet/security/bulletin/MS00-046.asp.
To fix the vulnerability, you can either install the patch, or perform a default installation of IE 5.01 Service Pack 1 or perform a default installation of IE 5.5 on any system except Windows 2000.
9. Rent MS Office - Microsoft set to launch ASP scheme
What it does
Microsoft's ASP (Application Server Provider) is a 'new' scheme in which it will 'rent out' its software rather than having end users buy licences.
Cost
The details have yet to be finalised, but sample prices on a rental per-user-per-month basis would see Office Professional priced at £8 per month. Pricing is similar to replacing software with new versions every two years. The scheme will also run in conjunction with based subscription and download of software.
With Microsoft dominating the desktop market place and ultimately to be broken up, it also plans not to offer any discounts on user volume, the rate per head being the same whether you are the NHS or a one-man-band.
No plans have yet been made for a discounted public sector scheme. It seems likely that software will only be available direct from Microsoft and not via resellers and distributors.
Benefits (for Microsoft)
A key reason for this scheme is probably to enable Microsoft to squeeze extra revenue from its end users. With the Millennium well behind us, users who have already switched to Windows'98 and Office2000 are probably happy to run with this software for 3-4 years and turn their IT attention to other issues.
Seen it before?
Sun turned ASP last year when they offered their recently-acquired StarOffice package for rent via the Web.
Long before that in 1995, Oracle did the first free trial of an 'Office on the Net' called "InterOffice" presenting you with word processing, address book, presentation, calendar. It was also the first portable Web email client.
(Source VNU)
10. Outlook security headaches - ILOVEYOU (not)
What it does
Feedback from various sources indicates that the outcome of installing the security patches for Microsoft's Outlook to protect against viruses like "ILOVEYOU" and "Melissa" causes headaches for administrators. Because of this, we have not implemented these patches yet, as the resulting damage seems to be greater than the security benefits - "the vaccine kills the patient".
Issues
Some of the 'nuisance' issues with the patches are :
- Outlook slows down considerably with all the checking that needs to be done.
- You won't be able to access many e-mail attachments, because the update works on the erroneous assumption that all e-mail attachments with certain file extensions are damaging, including .EXE, .COM, Vbscript, .BAT, .INF, .MDB, .URL which are effectively disabled.
- Support companies that send virus signature updates as .EXE files are now forced to send them as a .ZIP file instead.
- The Object Model Guard checks for every attempt by an external program to access the address book or send e-mail via Outlook. The user is then prompted to give permission to the external program.
- The Object Model Guard also causes mail merge delays and prevents sending of a Web link.
- Finally, there is no uninstall program for the update. The only solution is to re-install Outlook.
Contacts
If you're happy with the security-versus-nuisance compromise, you can download and apply the patches yourself from here.
Both Outlook98 and Outlook2000 updates are available, but the latter requires you to have installed Office 2000 Service Release 1a (SR-1a) (which includes the original Office 2000 SR-1 update and the Office 2000/Windows 2000 Registry Repair Utility).
[Thanks to Nishal Rooplal for research]
11. Online shopping fails to deliver
What it does (not)
Online shopping is proving to be ever easier at taking orders and money from customers, but lousy at actually delivering the goods.
If your own online services are not well-connected to your sales and stock control, beware!
Drawbacks
A recent Trading Standards Institute survey found that online shopping is slower and more trouble than buying goods in a shop. Over a third of the orders did not arrive on time and 17% did not arrive at all.
A recent personal survey (3 purchases) revealed a 100% failure rate with late supermarket deliveries (Sainsbury and Tesco) by up to 24 hours - so don't plan a meal around an Internet order! Also complete failure to deliver train tickets on the part of TheTrainLine, either by post or for collection, necessitating extra buying, queueing and time lost.
And the moral is ...
If your organisation has any sort of e-commerce operation running - for instance, selling your publications online - make sure your back-end delivery services are at least as efficient as if your customers had ordered by post, fax or phone. Otherwise, expect to offer good compensation as standard.
Contacts
One of the largest surveys of Internet shopping sites carried out by the 'Crossing The Boundaries' group of Trading Standards Services involved officers attempting to make test purchases from 102 companies.
[Paul Craig]
End of InfoBulletin
Co-Operative Systems
Interpreting Information Technology